Create SSL Server Certificate with "keytool"

Q

How to create an SSL Server Certificate with JDK "keytool"? I want to run a SSL socket server program.

✍: FYIcenter

A

"keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign server certificates that you can use as SSL server certificates. Here are the steps you can follow to create SSL server certificates for testing purpose:

1. Generate a self-signed certificate as the server certificate in a new keystore file:

\fyicenter>\local\jdk-1.8.0\bin\keytool -genkeypair -alias server -keystore server.jks
Enter keystore password: fyicenter
Re-enter new password: fyicenter
What is your first and last name?
  [Unknown]:  fyicenter.com
What is the name of your organizational unit?
  [Unknown]:  IT
What is the name of your organization?
  [Unknown]:  FYIcenter
What is the name of your City or Locality?
  [Unknown]:  NA
What is the name of your State or Province?
  [Unknown]:  NA
What is the two-letter country code for this unit?
  [Unknown]:  FR
Is CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR correct?
  [no]:  yes

Enter key password for <server>
        (RETURN if same as keystore password): fyicenter
Re-enter new password: fyicenter

2. Export the server certificate as certificate file to be able to give it to clients:

\fyicenter>\local\jdk-1.8.0\bin\keytool -exportcert -alias server -keystore server.jks 
   -file server.crt

Enter keystore password: fyicenter
Certificate stored in file <server.crt>

3. Verify the server certificate file:

\fyicenter>\local\jdk-1.8.0\bin\keytool -printcert -file server.crt
Owner: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Issuer: CN=fyicenter.com, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
Serial number: 5ae4a887
Valid from: Sun Jun 25 08:00:08 until: Sat Sep 23 08:00:08
Certificate fingerprints:
         MD5:  A1:F0:B5:DA:FC:3F:F8:19:F4:B7:45:21:7A:B4:DE:36
         SHA1: 7A:5C:4E:6D:9A:46:4E:89:59:C6:85:B6:1C:02:70:E9:FC:88:0C:66
         SHA256: 90:81:76:8B:76:A9:51:36:84:24:35:62:D8:53:E1:CB:AD:0B:10:12:A3:...
         Signature algorithm name: SHA1withDSA
         Version: 3
...

The server certificate is ready. To use it, you need to provide server.jks to the SSL server program, and provide server.crt to the client program.

⇒ SslServerCmd.java - SSL Server Command Example

⇐ SslClientCmd.java - SSL Client Command Example

⇑ Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-27, ∼2088🔥, 0💬

SslSocketClient.java - SSL Socket Client Example
How to write an SSL socket client code to communicate to a HTTPS Website using jsse.jar? If you want to write an SSL socket client code to communicate to a HTTPS Website using jsse.jar, you can following the example below: // Copyright (c) FYIcenter.com import java.net.*; import java.io.*; import ja... 2018-03-31, ∼2924🔥, 0💬

SslServerCmd.java - SSL Server Command Example
How to create an SSL server program to run like a command? In order to create an SSL server program, you need to do the following: 1. Load the keystore file that contains the server certificate. Remember to specify the keystore password as shown below: KeyStore ks = KeyStore.getInstance("JKS"); ks.l... 2018-06-27, ∼2896🔥, 0💬

SslCipherList.java - SSL Cipher List
How to get a list of SSL ciphers supported in jsse.jar? You can use the following sample Java code to a list of SSL ciphers supported in jsse.jar: // Copyright (c) FYIcenter.com import java.net.*; import java.io.*; import javax.net.ssl.*; public class SslCipherList { public static void main(String[]... 2018-03-31, ∼2896🔥, 0💬

SslClientCmd.java - SSL Client Command Example
How to create an SSL client program to run like a command? Here is an SSL client example program you can run like a command to communicate to any HTTPS web server: // Copyright (c) FYIcenter.com import java.net.*; import java.io.*; import javax.net.ssl.*; public class SslClientCmd { public static vo... 2018-03-31, ∼2580🔥, 0💬

SslSocketInfo.java - SSL Socket Information
How to get more information about the SSL Socket object? It is created as "SSLSocketFactory.createSocket ()".If you created a URL object with "new java.net.URL(...)", you can use the following sample Java code to get more information about the URL object: // Copyright (c) FYIcenter.com import java.n... 2018-03-31, ∼2362🔥, 0💬

What Is Client Certificate Authentication
What Is Client Certificate Authentication? Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication. In a normal SSL socket communication: The client is asking for the server to show server certificate. The client validates the server ce... 2018-06-27, ∼2288🔥, 0💬

Create SSL Server Certificate with "keytool"
How to create an SSL Server Certificate with JDK "keytool"? I want to run a SSL socket server program. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign server certificates that you can use as SSL server certificates. Here ... 2018-06-27, ∼2089🔥, 0💬

Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication. "keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign client certificates that you can u... 2018-06-12, ∼2075🔥, 0💬

Make SSL Server Certificate Trusted
How to make a SSL self-signed server certificate trusted? I want the ValidatorException going away. There are several options to make a self-signed server certificate trusted: Send your self-signed certificate to a trusted root CA, like GeoTrust, and ask them to sign it for you. Add your self-signed... 2018-06-27, ∼2039🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.