开发者

java using private key with Certificates and Keystore?

I have a Certificate that has been added to a keystore using a KeyTool. I have also been provided private keys for use in Production / Test environment. I understand that the certificate is using a public key. Where do i place the keystore and the private keys to be able to be read by the command line programme. Th开发者_Python百科e following key reads the keystore.

System.setProperty("javax.net.ssl.keyStore", "xxx.ks");
System.setProperty("javax.net.ssl.keyStorePassword", "xxx_4ps!");
System.setProperty("javax.net.ssl.trustStore", "xxx.ks");
System.setProperty("javax.net.ssl.trustStorePassword", "xxx!");. 

Where do i have to place the private keys to be read by the programme. I am new to public/private key encryption so any help would be appreciated.

Kind Regards, Mateen


The private key and its corresponding certificate go in the javax.net.ssl.keyStore.

Certificates that you want to trust go in the javax.net.ssl.trustStore. Often you don't have one of your own, just use the default supplied with the JDK, in which case you don't specify this property at all.


These properties are pointing to certificates and just indirectly to keys. So, first you have to get certificates and put them into keystores.

"javax.net.ssl.keyStore" is used for keystore with certificate which is used to identify your system. By default, without any additional code, you can use just one identity certificate per keystore. To create a certificate, you have two options - one is to create self-signed certificate, another one is to create CSR and send it to certificate authority to sign.

See http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html#selfcertCmd and http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html#certreqCmd commands.

Once certificate is created, there will be private and public keys associated to it.

"javax.net.ssl.trustStore" points to the keystore with certificates which you trust. It means that your system will accept SSL connections only with certificates from this keystore or signed by the certificates from this keystore. These certificated can be added into the keystore using following command: http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html#importCmd

You can put your keystores anywhere you like. Just ensure that java process has an access to them.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜