The default password for the Java default keystore file $JAVA_HOME/lib/security/cacerts is 'changeit'
Setting up the Key and Trust Stores
- Using Java keytool, create a certificate for the Server:
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
- Export the broker's certificate so it can be shared with clients:
keytool -export -alias broker -keystore broker.ks -file broker_cert
- Create a certificate/keystore for the client:
keytool -genkey -alias client -keyalg RSA -keystore client.ks
- Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:
keytool -import -alias broker -keystore client.ts -file broker_cert
Starting the Server
Using the javax.net.ssl.* System Properties
Before starting the broker's VM, set the SSL_OPTS environment variable so that it knows to use the broker keystore.
export SSL_OPTS="-Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password"
Starting the Client
When starting the client's VM, specify the following system properties:
javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
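The client settings above can also be applied in code instead of through -D flags. This is an added example, not code from the original post: it loads client.ks and client.ts, checks that the truststore holds the broker alias, and completes a handshake. The CLIENT_STORE_PASS variable, the shared store/key password, and the broker.example.com:8443 endpoint are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class BrokerTlsClient {
    // Load a store file using the JVM's default keystore type.
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password is read from a hypothetical environment variable
        // rather than a -D flag, which would be visible in the process list.
        String env = System.getenv("CLIENT_STORE_PASS");
        if (env == null) throw new IllegalStateException("CLIENT_STORE_PASS is not set");
        char[] pass = env.toCharArray();

        KeyStore keys = load("/path/to/client.ks", pass);
        KeyStore trust = load("/path/to/client.ts", pass);
        // The import step stored the broker certificate under the alias "broker".
        if (!trust.isCertificateEntry("broker")) {
            throw new IllegalStateException("client.ts has no trusted certificate 'broker'");
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pass); // assumes the key password equals the store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Assumption: placeholder host and port for the broker's TLS listener.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("broker.example.com", 8443)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // broker cert CN/SAN must match the host
            s.setSSLParameters(p);
            s.startHandshake(); // fails here if the broker's certificate is not in client.ts
            System.out.println(s.getSession().getProtocol() + " with " + s.getSession().getPeerPrincipal());
        }
    }
}
```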