Here is the scenario:
Say I have two End Point References (EPRs) to which I have to make web method/API calls, and each EPR has given me its keystore file. I now have to export the self-signed certificate from each keystore file and import these certificates into a single truststore, which will then be used for server verification.
1) Create the certificate file "cert_EPR1.cert" by exporting the self-signed certificate from keystore keystore_epr1.jks
$JAVA_HOME/bin/keytool -export -rfc -file cert_EPR1.cert -alias EPR1 -storetype JKS -storepass changeit -keypass changeit -keystore keystore_epr1.jks
2) See how cert_EPR1.cert looks
/usr/java/default/bin/keytool -printcert -file cert_EPR1.cert
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 5040ccbe
Valid from: Fri Aug 31 08:39:58 MDT 2012 until: Thu Nov 29 07:39:58 MST 2012
Certificate fingerprints:
MD5: D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
SHA1: F5:E5:DB:BD:76:D6:B2:4E:C7:C5:5C:45:1E:E5:94:6D:48:A5:16:B8
Signature algorithm name: SHA1withRSA
Version: 3
3) Create the certificate file "cert_EPR2.cert" by exporting the self-signed certificate from keystore keystore_epr2.jks
$JAVA_HOME/bin/keytool -export -rfc -file cert_EPR2.cert -alias EPR2 -storetype JKS -storepass changeit -keypass changeit -keystore keystore_epr2.jks
Certificate stored in file
4) See how cert_EPR2.cert looks
/usr/java/default/bin/keytool -printcert -file cert_EPR2.cert
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 502a52d6
Valid from: Tue Aug 14 07:29:58 MDT 2012 until: Mon Nov 12 06:29:58 MST 2012
Certificate fingerprints:
MD5: E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64
SHA1: 5C:95:B6:4F:76:0E:4B:ED:56:79:F5:CC:1E:CA:B6:8D:7E:E6:38:5A
Signature algorithm name: SHA1withRSA
Version: 3
5) Make cert_EPR1.cert part of a truststore whose password is trustStorePassword
$JAVA_HOME/bin/keytool -import -alias EPR1 -keystore truststore -file cert_EPR1.cert -storepass trustStorePassword
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 5040ccbe
Valid from: Fri Aug 31 08:39:58 MDT 2012 until: Thu Nov 29 07:39:58 MST 2012
Certificate fingerprints:
MD5: D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
SHA1: F5:E5:DB:BD:76:D6:B2:4E:C7:C5:5C:45:1E:E5:94:6D:48:A5:16:B8
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: y
Certificate was added to keystore
6) Make cert_EPR2.cert part of the same truststore (whose password is trustStorePassword)
$JAVA_HOME/bin/keytool -import -alias EPR2 -keystore truststore -file cert_EPR2.cert -storepass trustStorePassword
Owner: CN=*.mycomp.com
Issuer: CN=*.mycomp.com
Serial number: 502a52d6
Valid from: Tue Aug 14 07:29:58 MDT 2012 until: Mon Nov 12 06:29:58 MST 2012
Certificate fingerprints:
MD5: E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64
SHA1: 5C:95:B6:4F:76:0E:4B:ED:56:79:F5:CC:1E:CA:B6:8D:7E:E6:38:5A
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: y
Certificate was added to keystore
7) Let's see what the newly created truststore contains:
/usr/java/default/bin/keytool -list -keystore truststore -storepass trustStorePassword
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
EPR1, Sep 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D1:73:70:9C:2D:34:9F:85:8A:93:01:71:49:7A:0C:6D
EPR2, Sep 13, 2012, trustedCertEntry,
Certificate fingerprint (MD5): E9:F5:82:4B:CB:A2:5A:A0:17:E2:61:9E:E8:B7:17:64
So all good; we are done here.
Use the truststore created above in your web service client.
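One way to use the truststore from step 7 in a Java client, as an added example that is not part of the original post: it loads the file, confirms every entry is a trusted certificate still inside its validity period, and builds an SSLContext that trusts only those entries. The class name TrustStoreClient and the endpoint URL argument are assumptions; the file name and password are the ones used in the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreClient {

    // Load the JKS truststore and build an SSLContext that trusts only its entries.
    static SSLContext contextFrom(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password); // also verifies the store's integrity with the password
        }
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) {
                throw new IllegalStateException(alias + " is not a trustedCertEntry");
            }
            X509Certificate cert = (X509Certificate) ts.getCertificate(alias);
            // Throws CertificateExpiredException or CertificateNotYetValidException.
            cert.checkValidity();
            System.out.println(alias + " -> " + cert.getSubjectX500Principal()
                    + ", valid until " + cert.getNotAfter());
        }
        // Trust managers backed by this store only, not by the JRE's default cacerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // File name and password as used in steps 5 to 7.
        SSLContext ctx = contextFrom("truststore", "trustStorePassword".toCharArray());
        if (args.length > 0) {
            // args[0] is an assumed https:// address of one of the EPRs.
            HttpsURLConnection conn =
                    (HttpsURLConnection) URI.create(args[0]).toURL().openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

Run it from the directory that holds the truststore file; an expired entry is reported at load time, before any connection is attempted.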
Thursday, September 13, 2012
Managing multiple entries in java (custom) truststore