I want to establish a client/server communication over SSL/TLS in Java. The server is multithreaded. With openssl I acted as my own CA (created a private key and a self-signed certificate for the authority). Now I want to create keys and certs for my server and clients that are signed by the CA I created.
1) Do I have to create certs and keys from the prompt for every single client? Or is there another, "automated" way, e.g. with a script?
2) I have seen this code for setting up keystores:
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;

    // Fields of the server class that the two methods below fill in.
    private KeyStore clientKeyStore;
    private KeyStore serverKeyStore;

    // Truststore: holds the client's certificate (a trustedCertEntry, no private key).
    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream, which the original snippet left open
        try (InputStream in = new FileInputStream("client1publickey.jks")) {
            clientKeyStore.load(in, "password".toCharArray());
        }
    }

    // Keystore: holds the server's own private key and certificate (a PrivateKeyEntry).
    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        char[] keyStorePassphrase = "password".toCharArray();
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream keyStoreResource = new FileInputStream("serverprivatekey.jks")) {
            serverKeyStore.load(keyStoreResource, keyStorePassphrase);
        }
    }
I have run the command to see what type of entries these are: client1publickey is a TrustedCert entry, while serverprivatekey is a PrivateKey entry. This code is in my server class. I have this code in my client class:
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;

    // Fields of the client class that the two methods below fill in.
    private KeyStore serverKeyStore;
    private KeyStore clientKeyStore;

    // Truststore: holds the server's certificate (a trustedCertEntry, no private key).
    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("serverpublickwy.jks")) {
            serverKeyStore.load(in, "university".toCharArray());
        }
    }

    // Keystore: holds the client's own private key and certificate (a PrivateKeyEntry).
    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("client1privatekey.jks")) {
            clientKeyStore.load(in, "university".toCharArray());
        }
    }
The question is: how can I create these jks files separately? The publickey.jks file is a cert, right? How can I have it in a different file from the private key and have it signed by the CA? Or is there another way I can establish connections between client and server? At first I created the CA with openssl and then the two jks files for server and client, which included the certs and the key.
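The script below is an added example, not code from the question; it shows one way to produce the separate files the question asks about with openssl and the JDK's keytool. It assumes both tools are on PATH and uses constructed paths (./ca for the CA key and certificate, ./out for the generated files) and a demo store password. For each name given on the command line it generates a private key, has the certificate signed by the CA, and writes NAME-private.jks (the PrivateKeyEntry, i.e. the "privatekey.jks" of the question) plus NAME.crt, the bare certificate that the other side imports as a trustedCertEntry (the "publickey.jks"). It also shows the option of a truststore holding only the CA certificate: every certificate that CA signs then verifies against it, so the server does not need a separate entry per client.

```shell
#!/bin/sh
# Added example (not the question's code). Assumes openssl and keytool are installed.
set -eu

CA_DIR="${CA_DIR:-./ca}"             # constructed layout: where the CA key/cert live
CA_KEY="$CA_DIR/ca.key"
CA_CERT="$CA_DIR/ca.crt"
STOREPASS="${STOREPASS:-changeit}"    # demo password only

# Create a self-signed CA once (the question's author already did this with openssl).
make_ca() {
  mkdir -p "$CA_DIR"
  [ -f "$CA_KEY" ] && return 0
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Test CA" \
    -keyout "$CA_KEY" -out "$CA_CERT"
}

# Generate a key pair for NAME, get its certificate signed by the CA, and bundle
# key + chain into OUTDIR/NAME-private.jks (a PrivateKeyEntry). Leaves OUTDIR/NAME.crt,
# the certificate alone, which is all the peer needs in order to trust NAME.
make_signed_keystore() {
  name="$1"
  outdir="$2"
  mkdir -p "$outdir"
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=$name" \
    -keyout "$outdir/$name.key" -out "$outdir/$name.csr"
  openssl x509 -req -in "$outdir/$name.csr" -CA "$CA_CERT" -CAkey "$CA_KEY" \
    -CAcreateserial -days 365 -out "$outdir/$name.crt"
  # keytool cannot import a bare PEM private key, so wrap key + chain in PKCS#12 first.
  openssl pkcs12 -export -name "$name" \
    -inkey "$outdir/$name.key" -in "$outdir/$name.crt" -certfile "$CA_CERT" \
    -out "$outdir/$name.p12" -passout "pass:$STOREPASS"
  keytool -importkeystore -noprompt \
    -srckeystore "$outdir/$name.p12" -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
    -destkeystore "$outdir/$name-private.jks" -deststoretype JKS -deststorepass "$STOREPASS"
  rm -f "$outdir/$name.csr" "$outdir/$name.p12"
}

# Import a certificate (no private key) into a JKS truststore as a trustedCertEntry.
# Importing the CA certificate here makes every CA-signed peer trusted at once.
add_trusted_cert() {
  alias="$1"; certfile="$2"; truststore="$3"
  keytool -importcert -noprompt -alias "$alias" -file "$certfile" \
    -keystore "$truststore" -storetype JKS -storepass "$STOREPASS"
}

# Report the entry type keytool lists for ALIAS in STORE (PrivateKeyEntry or trustedCertEntry).
entry_type() {
  keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$2" \
    | grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Usage: ./mkcerts.sh server client1 client2 ...
# Produces ./out/NAME-private.jks and ./out/NAME.crt per name, and a shared
# ./out/truststore.jks containing only the CA certificate.
if [ "$#" -gt 0 ]; then
  make_ca
  for n in "$@"; do make_signed_keystore "$n" "./out"; done
  add_trusted_cert ca "$CA_CERT" "./out/truststore.jks"
fi
```

With the files this produces, the server loads server-private.jks as its keystore and truststore.jks as its truststore; each client loads its own NAME-private.jks plus the same truststore.jks. Adding a client is then one more run of the script with a new name, and the server's truststore does not change.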