Earlier I discussed how to generate a certificate, have it signed by a certification authority, and use those certificates for your use case.
In this exercise we will create self-signed certificates for server and client side interaction.
You can refer to the Oracle documentation to understand the basic concepts.
I will just use them to create a pair of certificates, one for the server side and the other for the client side.
Open a command prompt and move to the JDK home.
I have JDeveloper at my end, so I am using the default JDK that comes with JDeveloper.
D:\SOA11g\jdeveloper\jdk160_18>cd bin
D:\SOA11g\jdeveloper\jdk160_18\bin>set JAVA_HOME=D:\SOA11g\jdeveloper\jdk160_18
D:\SOA11g\jdeveloper\jdk160_18\bin>
Now I will use the following command to generate the server keystore:
keytool -genkey -alias server -keyalg RSA -keysize 1024 -keystore server.jks -storepass server_welcome1 -validity 365 -keypass server_password -dname "cn=Servertest,ou=Integration,o=ABC,c=IN"
Now verify it:
keytool -list -keystore server.jks
Provide the keystore password when asked.
Similarly, create a keystore for the client:
keytool -genkey -alias client -keyalg RSA -keysize 1024 -keystore client.jks -storepass client_welcome1 -validity 365 -keypass client_password -dname "cn=Clienttest,ou=Integration,o=ABC,c=IN"
You can look in the D:\SOA11g\jdeveloper\jdk160_18\bin location to see that the keystores are actually being generated. Once again, verify it in the same way:
keytool -list -keystore client.jks
Now we will export the certificates (the public part only, not the private keys) into .cert files.
We will use the following command to export a certificate. First of all, the server certificate:
keytool -export -alias server -file server.cert -keystore server.jks -storepass server_welcome1
Similarly, we will do the same for the client certificate:
keytool -export -alias client -file client.cert -keystore client.jks -storepass client_welcome1
The next step is to import the client certificate into the server keystore and the server certificate into the client keystore, so that two-way authentication can happen.
Oracle provides a document for the same.
You can follow that document to set up one-way or two-way SSL.
I will just import the certificates; the rest you can do by following the document.
First, the client certificate into the server keystore:
keytool -import -alias client -trustcacerts -file client.cert -keystore server.jks -storepass server_welcome1
When asked whether you trust the certificate, answer yes to add it to the keystore (the fingerprints shown should match those of the certificate you just exported).
D:\SOA11g\jdeveloper\jdk160_18\bin>keytool -import -alias client -trustcacerts -
file client.cert -keystore server.jks -storepass server_welcome1
Owner: CN=Clienttest, OU=Integration, O=ABC, C=IN
Issuer: CN=Clienttest, OU=Integration, O=ABC, C=IN
Serial number: 4cb2ca62
Valid from: Mon Oct 11 13:57:14 IST 2010 until: Tue Oct 11 13:57:14 IST 2011
Certificate fingerprints:
MD5: 64:D2:B8:EC:29:B3:64:29:0F:54:C4:93:DD:8D:80:C4
SHA1: AF:C4:57:A3:2B:71:3C:53:B3:55:B1:68:E0:3C:CE:29:AA:23:78:55
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
Similarly, import the server certificate into the client keystore:
keytool -import -alias server -trustcacerts -file server.cert -keystore client.jks -storepass client_welcome1
D:\SOA11g\jdeveloper\jdk160_18\bin>keytool -import -alias server -trustcacerts -
file server.cert -keystore client.jks -storepass client_welcome1
Owner: CN=Servertest, OU=Integration, O=ABC, C=IN
Issuer: CN=Servertest, OU=Integration, O=ABC, C=IN
Serial number: 4cb2b974
Valid from: Mon Oct 11 12:45:00 IST 2010 until: Tue Oct 11 12:45:00 IST 2011
Certificate fingerprints:
MD5: AE:69:BE:DE:AB:61:86:E9:73:1B:CF:DC:1F:A1:68:78
SHA1: 53:39:9E:FB:81:40:C6:7F:E4:67:5E:0C:2A:4C:48:CE:C5:F3:C8:B2
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
Now you have everything; you just need to point to these keystores in your server configuration.
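As an added example (not part of the original post), this small Java program loads the two keystores created above and performs a mutual TLS handshake over the loopback interface, so you can confirm that each side really trusts the other before wiring the keystores into a server configuration. It assumes server.jks and client.jks are in the working directory with the passwords used above; the class name MutualTlsCheck is my own.

```java
import java.io.*;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsCheck {
    // One JKS file supplies both the side's own identity (its private key entry) and the peers it
    // trusts (the imported trusted certificate entry), matching the layout built with keytool above.
    static SSLContext contextFrom(String path, String storePass, String keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, storePass.toCharArray()); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass.toCharArray());          // -keypass from the keytool -genkey command
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                                 // trusts server/client.cert imported earlier
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = contextFrom("server.jks", "server_welcome1", "server_password");
        SSLContext clientCtx = contextFrom("client.jks", "client_welcome1", "client_password");
        InetAddress loopback = InetAddress.getLoopbackAddress();

        SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory()
                .createServerSocket(0, 1, loopback);   // port 0: let the OS pick a free port
        listener.setNeedClientAuth(true);             // two-way: reject clients without a trusted cert
        int port = listener.getLocalPort();

        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                System.out.println("server saw client: " + s.getSession().getPeerPrincipal());
                s.getOutputStream().write("hello\n".getBytes(StandardCharsets.US_ASCII));
                s.getOutputStream().flush();
            } catch (Exception e) { e.printStackTrace(); }
        });
        server.start();

        // Plain SSLSocket performs no hostname check unless an endpoint identification algorithm is
        // set, so CN=Servertest (not "localhost") is accepted here; only the trust chain is verified.
        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket(loopback, port)) {
            c.startHandshake();
            System.out.println("client saw server: " + c.getSession().getPeerPrincipal());
            BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream(), StandardCharsets.US_ASCII));
            System.out.println("received: " + r.readLine());
        }
        server.join();
        listener.close();
    }
}
```

Run it from the directory holding the keystores with `javac MutualTlsCheck.java && java MutualTlsCheck`; each side should print the other's DN. Recent JDKs and hardened crypto policies may reject 1024-bit RSA keys or SHA1withRSA signatures with an algorithm-constraint error, in which case regenerate the keystores with -keysize 2048.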