Siemens TC65 User Manual
TC65 JAVA User's Guide
Strictly confidential / Released
TC65 JAVA User's Guide_V05
26.09.2005
11.1.1 Create a Secure Data Transfer Environment Step by Step
The following steps describe the creation of the configuration:
• Java Security Mode is activated (see 11.2.1 Change to Secured Mode)
• Certificate verification is activated for a data connection (HTTPS or SecureConnection)
The steps described below use the cygwin + openssl environment (for installation see http://www.cygwin.com/; the openssl documentation can be found at http://www.openssl.org/docs/apps/openssl.html).
1. Create CA and generate CA Root Certificate
- We need certificates with a sha1 signature, because Java Security supports only a sha1 signature of the certificate. Add the parameter "-sha1" to the command "Making CA certificate ..." in the file CA.pl (cygwin location “\cygwin\usr\ssl\misc”).
- Create a shell (use location \cygwin\usr\ssl\misc).
- Execute the command:
>perl CA.pl -newca
- Convert the file format from PEM to DER.
CA certificate cacert.pem:
>openssl x509 -in ./demoCA/cacert.pem -inform PEM -out ./demoCA/cacert.der -outform DER
CA private key file cakey.pem:
>openssl pkcs8 -in ./demoCA/private/cakey.pem -inform PEM -out ./demoCA/private/cakey.der -outform DER -nocrypt -topk8
2. Create server certificate and java keystore
- Execute the command:
>keytool -genkey -alias server -keypass keypass -keystore customer.ks -storepass keystorepass -sigalg SHA1withRSA -keyalg RSA
The field “name” of the certificate is the domain name or the IP address of the server.
3. Create certificate request for server certificate
- Execute the command:
>keytool -certreq -alias server -file server.csr -keypass keypass -keystore customer.ks -storepass keystorepass
4. Sign certificate request by CA
- Execute the command:
>openssl ca -in server.csr -out server.pem
- Convert the file format from PEM to DER:
>openssl x509 -in server.pem -inform PEM -out server.der -outform DER
5. Import CA root certificate and CA private key into java keystore
- Use the CA Root Certificate for the creation of Java Security Command (see chapter 11.5.3).
- Execute the command:
>java -jar setprivatekey.jar -alias dummyca -storepass keystorepass -keystore customer.ks -keypass cakeypass