
HTTPS eWay Adapter User's Guide, Sun Microsystems, Inc.
Chapter 4, Operating SSL; Section 4.2, KeyStores and TrustStores; page 29

4.2 KeyStores and TrustStores

As depicted in Figure 8, JSSE makes use of files called KeyStores and TrustStores. The
KeyStore is used by the eWay for client authentication, while the TrustStore is used to
authenticate a server in SSL authentication.

- A KeyStore consists of a database containing a private key and an associated
  certificate, or an associated certificate chain. The certificate chain consists of the
  client certificate and one or more certification authority (CA) certificates.

- A TrustStore contains only the certificates trusted by the client (a “trust” store).
  These certificates are CA root certificates, that is, self-signed certificates. The
  installation of the Logical Host includes a TrustStore file named cacerts.jks in the
  location:

  \logicalhost\is\domains\\config

  where is the directory where the Sun Java Composite Application
  Platform Suite is installed and is the name of your domain. This file is
  recommended as the TrustStore for the HTTPS eWay.

Both KeyStores and TrustStores are managed by means of a utility called keytool,
which is a part of the Java SDK installation.
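The following Python program is an added example; it is not part of the HTTPS eWay Adapter User's Guide and is not keytool's own code. It reads and writes the JKS trust-store layout that keytool produces (trusted-certificate entries only): the 0xFEEDFEED magic, version 2, one entry per trusted certificate (alias, timestamp, certificate type, DER bytes), and a trailing SHA-1 digest computed over the store password (as UTF-16BE), the fixed string "Mighty Aphrodite", and the preceding file contents. The certificate bytes it stores are a constructed placeholder, not a real CA certificate. The point it makes about TrustStores is that the store password encrypts nothing: the trusted certificates are stored in the clear and can be listed without it, and the password only lets a reader detect a store that was modified, or given an extra CA entry, by someone who did not know it.

```python
import hashlib
import hmac
import struct
import time

JKS_MAGIC = 0xFEEDFEED
JKS_VERSION = 2
TAG_TRUSTED_CERT = 2                    # tag 1 is a private-key entry, not handled here
INTEGRITY_SALT = b"Mighty Aphrodite"    # fixed string mixed into the JKS digest
DIGEST_LEN = 20                         # SHA-1

# Constructed placeholder standing in for a DER-encoded CA certificate (not a real X.509 cert).
CONSTRUCTED_CERT_DER = b"\x30\x03\x02\x01\x01"


class JksIntegrityError(ValueError):
    """Stored digest does not match: wrong store password or modified file."""


def _password_bytes(password: str) -> bytes:
    # JKS hashes the password as two big-endian bytes per character.
    return password.encode("utf-16-be")


def _java_utf(text: str) -> bytes:
    # DataOutputStream.writeUTF: 2-byte length + (modified) UTF-8; identical to UTF-8 for ASCII aliases.
    data = text.encode("utf-8")
    return struct.pack(">H", len(data)) + data


def _read_java_utf(buf: bytes, pos: int):
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n].decode("utf-8"), pos + n


def _integrity_digest(password: str, body: bytes) -> bytes:
    return hashlib.sha1(_password_bytes(password) + INTEGRITY_SALT + body).digest()


def write_jks_truststore(entries, password, timestamp_ms=None) -> bytes:
    """entries: iterable of (alias, der_cert_bytes). Returns the bytes of a JKS trust store."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    entries = list(entries)
    body = struct.pack(">IIi", JKS_MAGIC, JKS_VERSION, len(entries))
    for alias, cert_der in entries:
        body += struct.pack(">i", TAG_TRUSTED_CERT)
        body += _java_utf(alias.lower())           # keytool treats aliases case-insensitively
        body += struct.pack(">q", timestamp_ms)    # creation time, Java epoch milliseconds
        body += _java_utf("X.509")                 # certificate type
        body += struct.pack(">i", len(cert_der)) + cert_der   # certificate stored in the clear
    return body + _integrity_digest(password, body)


def read_jks_truststore(data: bytes, password=None):
    """Parse a JKS trust store into [(alias, cert_type, der_bytes)]; password=None skips verification."""
    if len(data) < 12 + DIGEST_LEN:
        raise ValueError("too short to be a JKS store")
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if password is not None and not hmac.compare_digest(_integrity_digest(password, body), stored):
        raise JksIntegrityError("integrity check failed: wrong store password or tampered store")
    magic, version, count = struct.unpack_from(">IIi", body, 0)
    if magic != JKS_MAGIC or version != JKS_VERSION:
        raise ValueError(f"not a JKS v2 store (magic={magic:#x}, version={version})")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">i", body, pos)
        pos += 4
        alias, pos = _read_java_utf(body, pos)
        pos += 8                                   # skip the creation timestamp
        if tag != TAG_TRUSTED_CERT:
            raise NotImplementedError(f"entry '{alias}' has tag {tag}; only trusted-cert entries are handled")
        cert_type, pos = _read_java_utf(body, pos)
        (n,) = struct.unpack_from(">i", body, pos)
        pos += 4
        entries.append((alias, cert_type, body[pos:pos + n]))
        pos += n
    if pos != len(body):
        raise ValueError("trailing bytes after the last entry")
    return entries


def tamper_is_detected(store: bytes, password: str) -> bool:
    """Flip one byte inside the last certificate and report whether verification catches it."""
    modified = bytearray(store)
    modified[-(DIGEST_LEN + 1)] ^= 0x01
    try:
        read_jks_truststore(bytes(modified), password)
    except JksIntegrityError:
        return True
    return False
```

keytool behaves the same way as the unverified read: keytool -list without -storepass prints the entries but warns that the integrity of the keystore has not been verified. A check of a production TrustStore such as cacerts.jks should therefore supply the store password and treat an integrity failure, or an unexpected alias, as a finding.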

4.2.1 Generating a KeyStore and TrustStore

This section explains how to create both a KeyStore and a TrustStore (or import
a certificate into an existing TrustStore, such as the default Logical Host TrustStore in the
location

\logicalhost\is\domains\\config\cacerts.jks

where is the directory where the Sun Java Composite Application
Platform Suite is installed and is the name of your domain). The primary
tool used is keytool, but openssl is also used as a reference for generating PKCS12
KeyStores.

For more information on openssl, and available downloads, visit the following Web
site:

http://www.openssl.org

4.2.2 KeyStores

This section explains how to use KeyStores.

Creating a KeyStore in JKS Format

This section explains how to create a KeyStore using the JKS format as the database
format for both the private key and the associated certificate or certificate chain. By
default, as specified in the java.security file, keytool uses JKS as the format of the key
and certificate databases (KeyStores and TrustStores). A CA must sign the certificate