
Siemens Java TC65 User Manual


TC65 JAVA User's Guide
Strictly confidential / Released


TC65 JAVA User's Guide_V05


26.09.2005

11.1.1 Create a Secure Data Transfer Environment Step by Step

The following steps describe the creation of the configuration:
• Java Security Mode is activated (see 11.2.1 Change to Secured Mode)
• Certificate verification is activated for a data connection (HTTPS or SecureConnection)

The steps described below use the cygwin + openssl environment (for installation see http://www.cygwin.com/; the openssl documentation can be found at http://www.openssl.org/docs/apps/openssl.html).



1. Create CA and generate CA Root Certificate

- We need certificates with a sha1 signature. Java Security supports only a sha1 signature of the certificate.
  Add the parameter "-sha1" to the command "Making CA certificate ..." in the section of file CA.pl (cygwin location “\cygwin\usr\ssl\misc”)

- create a shell (use location \cygwin\usr\ssl\misc)

- execute commands

  >perl CA.pl -newca

- convert file format from PEM to DER

  CA certificate cacert.pem

  >openssl x509 -in ./demoCA/cacert.pem -inform PEM -out ./demoCA/cacert.der -outform DER

  CA private key file cakey.pem

  >openssl pkcs8 -in ./demoCA/private/cakey.pem -inform PEM -out ./demoCA/private/cakey.der -outform DER -nocrypt -topk8


2. Create server certificate and java keystore

- execute command

  >keytool -genkey -alias server -keypass keypass -keystore customer.ks -storepass keystorepass -sigalg SHA1withRSA -keyalg RSA

  The field “name” of the certificate is the domain name or the IP address of the server.


3. Create certificate request for server certificate

- execute command

  >keytool -certreq -alias server -file server.csr -keypass keypass -keystore customer.ks -storepass keystorepass


4. Sign certificate request by CA

- execute command

  >openssl ca -in server.csr -out server.pem

- convert file format from PEM to DER

  >openssl x509 -in server.pem -inform PEM -out server.der -outform DER


5. Import CA root certificate and CA private key into java keystore

- Use the CA Root Certificate for the creation of Java Security Command (see chapter 11.5.3)

- execute command

  >java -jar setprivatekey.jar -alias dummyca -storepass keystorepass -keystore customer.ks -keypass cakeypass
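
A check that can be run in the same cygwin shell once step 4 is done, given here as an added example that is not part of the original guide: it confirms that the signed server certificate carries the sha1 signature required in step 1, that it chains to the CA root certificate, and that server.der holds the same certificate as server.pem. The script name check_certs.sh and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): post-checks for the certificate files
# produced in steps 1 and 4. Script and function names are hypothetical.
# usage: sh check_certs.sh ./demoCA/cacert.pem server.pem server.der

# Print the signature algorithm of a certificate. usage: sig_alg FILE PEM|DER
sig_alg() {
    openssl x509 -in "$1" -inform "$2" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the SHA-256 fingerprint of a certificate. usage: fingerprint FILE PEM|DER
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

# Return 0 only if all three checks pass.
# usage: check_server_cert CA_PEM SERVER_PEM SERVER_DER
check_server_cert() {
    ca=$1 pem=$2 der=$3

    # 1. The guide states that only sha1-signed certificates are supported.
    alg=$(sig_alg "$pem" PEM)
    if [ "$alg" != "sha1WithRSAEncryption" ]; then
        echo "FAIL: signature algorithm is '$alg', expected sha1WithRSAEncryption" >&2
        return 1
    fi

    # 2. The server certificate must have been signed by this CA.
    if ! openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
        echo "FAIL: $pem does not chain to $ca" >&2
        return 1
    fi

    # 3. The DER conversion must contain the same certificate as the PEM file.
    if [ "$(fingerprint "$pem" PEM)" != "$(fingerprint "$der" DER)" ]; then
        echo "FAIL: $der is not the same certificate as $pem" >&2
        return 1
    fi
    echo "OK: $pem (sha1WithRSAEncryption, chains to $ca, DER matches)"
}

# Run the checks when the three file names are given on the command line.
if [ "$#" -eq 3 ]; then
    check_server_cert "$@"
fi
```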