Wednesday, March 24, 2010

Use SSL in Java

The default password for the Java default keystore file $JAVA_HOME/lib/security/cacerts is 'changeit'

Setting up the Key and Trust Stores

  1. Using Java keytool, create a certificate for the Server:
    keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
  2. Export the broker's certificate so it can be shared with clients:
    keytool -export -alias broker -keystore broker.ks -file broker_cert
  3. Create a certificate/keystore for the client:
    keytool -genkey -alias client -keyalg RSA -keystore client.ks
  4. Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:
    keytool -import -alias broker -keystore client.ts -file broker_cert

Starting the Server

Using the javax.net.ssl.* System Properties

Before starting the broker's VM, set the SSL_OPTS environment variable so that it knows to use the broker keystore.

export SSL_OPTS="-Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password"

Starting the Client

When starting the client's VM, specify the following system properties:

javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
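The same client configuration expressed in code, as an added example that is not part of the original post: it loads client.ks and client.ts explicitly and builds an SSLContext, which is what the javax.net.ssl.* properties do for the default context. The broker hostname and port are placeholders, and the truststore is opened without a password to match the properties listed above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class SslClient {
    // Equivalent of javax.net.ssl.keyStore/keyStorePassword/trustStore, done in code.
    // trustStorePassword may be null: the store is then read without its integrity check,
    // as the JVM does when javax.net.ssl.trustStorePassword is unset.
    static SSLContext buildContext(String keyStorePath, char[] keyStorePassword,
                                   String trustStorePath, char[] trustStorePassword)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, keyStorePassword);              // client.ks: the client's own key and cert
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyStorePassword);

        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, trustStorePassword);            // client.ts: contains the broker's certificate
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                                   // only certs in client.ts are trusted

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext("/path/to/client.ks", "password".toCharArray(),
                                      "/path/to/client.ts", null);
        // "broker.example" and 8443 are placeholders for the real broker address.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("broker.example", 8443)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the broker cert's name
            socket.setSSLParameters(params);
            socket.startHandshake();                    // fails if the broker cert is not in client.ts
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " with " + socket.getSession().getPeerPrincipal());
        }
    }
}
```

Endpoint identification requires the broker certificate's name (SAN, or the CN entered at the `keytool -genkey` prompt) to match the hostname the client connects to; without it, any certificate in client.ts would be accepted for any host.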
