ok! I want to establish a client-server communication over SSL/TLS in Java. The server is multithreaded. With openssl I acted as my own CA (created a private key and self-signed certificate for the authority). Now I want to create keys and certs for my server and clients which are signed by the CA I created.

1) Do I have to create certs and keys from the prompt for every single client? Or is there another "automated" way, e.g. with a script?

2) I have this code for setting up keystores:

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

    // fields in the server class
    private KeyStore clientKeyStore;   // client cert as trustedCertEntry: used to build the TrustManager
    private KeyStore serverKeyStore;   // server private key + cert: used to build the KeyManager

    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance("JKS");
        // keystore holding the client's certificate as a trustedCertEntry
        try (InputStream in = new FileInputStream("client1publickey.jks")) {
            clientKeyStore.load(in, "password".toCharArray());
        }
    }

    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        char[] keyStorePassphrase = "password".toCharArray();
        serverKeyStore = KeyStore.getInstance("JKS");
        // keystore holding the server's private key and certificate (PrivateKeyEntry)
        try (InputStream keyStoreResource = new FileInputStream("serverprivatekey.jks")) {
            serverKeyStore.load(keyStoreResource, keyStorePassphrase);
        }
    }

I have run the command to see what type of entries these are: client1publickey is a TrustedCert entry while serverprivatekey is a PrivateKey entry. This code is in my server class. I have this code in my client class:

    // client class: same imports as above
    private KeyStore serverKeyStore;   // server cert as trustedCertEntry: used to build the TrustManager
    private KeyStore clientKeyStore;   // client private key + cert: used to build the KeyManager

    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("serverpublickey.jks")) {
            serverKeyStore.load(in, "university".toCharArray());
        }
    }

    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("client1privatekey.jks")) {
            clientKeyStore.load(in, "university".toCharArray());
        }
    }

The question is how I can create these jks files separately. The publickey.jks file is a cert, right? How can I have it in a different file from the private key and have it signed by the CA? Or is there another way I can establish connections between client and server? First I created the CA with openssl and then the two jks files for server and client, which included the certs and the key. Sorry for my English.
First, do you need/want client authentication, aka client certificate? SSL/TLS itself doesn't require it; protocols using SSL/TLS may. Second, the main benefit of a CA is that reliers -- the clients for sure, and the server(s) if you do use client auth -- don't need to be configured with the certs of their peers, only the one root cert of the CA. The truststore with the CA root cert need not be a separate JKS file; Java can handle both trustedCert entries and privateKey entries in one JKS. ...
dave_thompson_085

... But each server, and each client if client auth, does need a privatekey AND a cert for that privatekey in its keystore. You can generate the key and CSR in Java (JKS), use openssl to issue a cert from the CSR, and import the cert back to JKS; or you can generate the key, CSR and cert all in openssl and "export" as PKCS#12 to Java. If you still have a question, please be more specific.
dave_thompson_085
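The second route from the comments above (peer generates key and CSR, the openssl CA issues the cert, the key and cert are exported as PKCS#12 for Java), scripted so that it also answers question 1 about not repeating the steps by hand for every client. This is an added example, not code from the original post or the comments. It assumes openssl on PATH and a JDK only for the optional JKS conversion; the CA name "Example Lab CA", the file names, the role names and the store password "changeit" are illustrative choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post or comments): automate the
# "peer makes key + CSR, CA signs it, export PKCS#12 for Java" flow with
# openssl only. Assumes openssl on PATH; CA name, file names and the
# store password "changeit" are illustrative choices for this example.
set -eu

STORE_PASS=changeit

# Create the CA: private key plus self-signed root certificate, in $1.
make_ca() {
  dir=$1
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Lab CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# Issue a certificate from the CA in $1 for peer $2 (file prefix) with
# common name $3 and role $4 ("server" or "client"). The same function
# serves every client, so no per-client typing at the prompt is needed.
# Output: $2.key, $2.csr, $2.crt and $2.p12 in $1.
issue_cert() {
  dir=$1; name=$2; cn=$3; role=$4
  # 1. The peer generates its own key pair and a CSR; only the CSR goes to the CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  # 2. The CA issues the certificate. Extended key usage pins the cert to one
  #    role, so a client cert cannot be reused as a server cert; a server cert
  #    also gets the SAN that hostname verification checks.
  if [ "$role" = server ]; then
    printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$cn"
  else
    printf 'extendedKeyUsage=clientAuth\n'
  fi > "$dir/$name.ext"
  openssl x509 -req -days 365 -in "$dir/$name.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
  # 3. Bundle key + cert + CA cert as PKCS#12; Java loads it with
  #    KeyStore.getInstance("PKCS12") in place of the "...privatekey.jks" file.
  openssl pkcs12 -export -name "$name" \
    -inkey "$dir/$name.key" -in "$dir/$name.crt" -certfile "$dir/ca.crt" \
    -passout "pass:$STORE_PASS" -out "$dir/$name.p12"
}

# Check that peer cert $2 in $1 chains to the CA root (exit 0 = yes).
chains_to_ca() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Print the issuer CN of peer cert $2 in $1, for a quick sanity check.
issuer_of() {
  openssl x509 -in "$1/$2.crt" -noout -issuer | sed 's/.*CN *= *//'
}

# Optional: build the JKS files the Java code in the question expects. Runs
# only when a JDK (keytool) is on PATH; the .p12 files are usable without it.
to_jks() {
  dir=$1; name=$2
  command -v keytool >/dev/null 2>&1 || return 0
  # key + cert chain -> <name>privatekey.jks (one PrivateKeyEntry)
  keytool -importkeystore -noprompt -srcstoretype PKCS12 -deststoretype JKS \
    -srckeystore "$dir/$name.p12" -srcstorepass "$STORE_PASS" \
    -destkeystore "$dir/${name}privatekey.jks" -deststorepass "$STORE_PASS" >/dev/null 2>&1
  # CA root only -> truststore.jks (one trustedCertEntry, shared by every peer)
  [ -f "$dir/truststore.jks" ] || keytool -importcert -noprompt -alias ca \
    -file "$dir/ca.crt" -keystore "$dir/truststore.jks" -storetype JKS \
    -storepass "$STORE_PASS" >/dev/null 2>&1
}

# Whole flow for one server and two clients, into directory $1.
demo() {
  make_ca "$1"
  issue_cert "$1" server localhost server
  for c in client1 client2; do issue_cert "$1" "$c" "$c" client; done
  for p in server client1 client2; do
    chains_to_ca "$1" "$p" || return 1
    to_jks "$1" "$p"
  done
}
```

Usage: `. ./issue.sh; demo ./pki` produces `pki/ca.crt` (the only thing a relier needs in its truststore), `pki/server.p12`, `pki/client1.p12` and `pki/client2.p12`, plus the JKS equivalents when keytool is present. Adding a client is one more `issue_cert` call; the CA key never leaves the CA directory and a peer's private key is only ever written next to its own CSR.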