
SSL Handshaking – Sun Microsystems 5.1.1 User Manual


Chapter 4: Operating SSL

Section 4.3: SSL Handshaking

HTTPS eWay Adapter User’s Guide


Sun Microsystems, Inc.

\logicalhost\is\domains\\config\cacerts.jks

where is the directory where the Sun Java Composite Application
Platform Suite is installed and is the name of your domain. The primary
tool used is keytool, but openssl is also used as a reference for generating pkcs12
KeyStores.

Notice that in the previous section, steps 2 and 3 were used to import two CAs into the
TrustStore created in step 1. For example, suppose you have a trusted certificate file
named: C:\trustedcerts\foo.cert and want to import it to the trustedcacertsjks
TrustStore.

If you are importing certificates into an existing TrustStore, use:

keytool -import -file C:\cacerts\secondCA.cert -alias secondCA -keystore trustedcacertsjks

Once you are finished, trustedcacertsjks can be used as the TrustStore for the eWay.

4.3 SSL Handshaking

There are two options available for setting up SSL connectivity with a Web server:

• Server-side Authentication: The majority of eCommerce Web sites on the Internet are configured for server-side authentication. The eWay requests a certificate from the Web server and authenticates the Web server by verifying that the certificate can be trusted. Essentially, the eWay performs this operation by looking into its TrustStore for a CA certificate with a public key that can validate the signature on the certificate received from the Web server. This option is illustrated in Figure 9.
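
The TrustStore lookup described above can be reproduced offline to confirm that a TrustStore built with keytool will accept a given server certificate. This is an added example, not code from the Sun guide; it goes slightly beyond the text by also walking any intermediate certificates in the file. The class name TrustStoreCheck and its command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class TrustStoreCheck {  // hypothetical class name, not part of the eWay
    // True when 'key' validates the signature on 'cert'.
    static boolean signedBy(X509Certificate cert, PublicKey key) {
        try { cert.verify(key); return true; }
        catch (GeneralSecurityException e) { return false; }
    }

    // Walk the chain leaf-first; return the alias of the TrustStore CA entry whose
    // public key validates a certificate in it, or null when none does.
    static String anchorFor(KeyStore ts, List<X509Certificate> chain) throws GeneralSecurityException {
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            cert.checkValidity();  // throws if expired or not yet valid
            for (String alias : Collections.list(ts.aliases())) {
                if (ts.isCertificateEntry(alias) && signedBy(cert, ts.getCertificate(alias).getPublicKey()))
                    return alias;
            }
            // Not anchored yet: the next certificate must have issued this one.
            if (i + 1 == chain.size() || !signedBy(cert, chain.get(i + 1).getPublicKey())) break;
        }
        return null;
    }

    // Usage: java TrustStoreCheck <TrustStore> <password> <certificate file, leaf first>
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, args[1].toCharArray()); }
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        String alias = anchorFor(ts, chain);
        System.out.println(alias != null ? "trusted via alias: " + alias : "no TrustStore CA validates this certificate");
    }
}
```

A signature match is only part of what the Java SSL stack checks during the handshake; certificate path constraints and host name verification are not covered by this check.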