JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

SSL - Client Authentication

(Continued from previous part...)

At this moment, the server's "full" certificate is ready and stored in server.jks. The server's "public" certificate is also ready and stored in server_pub.crt. Next, let's see what I did on the client side:

>keytool -genkey -alias client_full -keypass ClientKey
   -keystore client.jks -storepass ClientJKS
   
What is your first and last name?
  [Unknown]:  my.client.com
What is the name of your organizational unit?
  [Unknown]:  My Unit
What is the name of your organization?
  [Unknown]:  My Home
What is the name of your City or Locality?
  [Unknown]:  My City
What is the name of your State or Province?
  [Unknown]:  My State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=my.client.com, OU=My Unit, O=My Home, L=My City, ST=My State...
  [no]:  yes

>keytool -export -alias client_full -file client_pub.crt 
   -keystore client.jks -storepass ClientJKS
   
Certificate stored in file <client_pub.crt>
       
>"send client_pub.crt to the server side..."

>"receive server_pub.crt from the server side..."

>keytool -import -alias cerver_pub -file server_pub.crt 
   -keystore client.jks -storepass ClientJKS

Owner: CN=my.server.com, OU=My Unit, O=My Home, L=My City, ST=My S...
Issuer: CN=my.server.com, OU=My Unit, O=My Home, L=My City, ST=My ...
......
Trust this certificate? [no]:  yes
Certificate was added to keystore

>keytool -list -keystore client.jks -storepass ClientJKS

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

client_full, Mar 29, 2005, keyEntry,
Certificate fingerprint (MD5): 53:5F:62:00:4A:5F:0E:DC:1A:8F:4B:8E...
cerver_pub, Mar 29, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 34:71:CD:2F:E8:D9:32:57:34:61:46:4C...

At this moment, the client's "full" certificate is ready and stored in client.jks. The client's "public" certificate is also ready and stored in client_pub.crt. The server's "public" certificate has also been added to client.jks as a trusted certificate. Next, I have to go to the server side and add the client's "public" certificate:

>keytool -import -alias client_pub -file client_pub.crt 
   -keystore server.jks -storepass ServerJKS
   
Owner: CN=my.client.com, OU=My Unit, O=My Home, L=My City, ST=My S...
Issuer: CN=my.client.com, OU=My Unit, O=My Home, L=My City, ST=My ...
......
Trust this certificate? [no]:  yes
Certificate was added to keystore

>keytool -list -keystore server.jks -storepass ServerJKS

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

server_full, Mar 29, 2005, keyEntry,
Certificate fingerprint (MD5): 34:71:CD:2F:E8:D9:32:57:34:61:46:4C...
client_pub, Mar 29, 2005, trustedCertEntry,
Certificate fingerprint (MD5): 53:5F:62:00:4A:5F:0E:DC:1A:8F:4B:8E...

I think I am ready to perform an SSL communication with both server and client authentication. What do you think?
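One way to confirm the exchange before the first handshake, as an added example that is not part of the original tutorial: the program below checks that each keystore holds the other side's certificate as a trustedCertEntry and prints SHA-256 fingerprints that can be compared out of band (the keytool output above shows MD5). It assumes copies of both client.jks and server.jks are in the working directory, which is only realistic on a test machine; the class name CheckMutualTrust is hypothetical.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: verifies that the two keystores built above trust each other.
public class CheckMutualTrust {

    // Load a JKS keystore from disk with its store password.
    static KeyStore load(String file, String storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(file)) {
            ks.load(in, storePass.toCharArray());
        }
        return ks;
    }

    // SHA-256 fingerprint of the certificate's DER encoding, as colon-separated hex.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // True if 'truster' has a trustedCertEntry equal to the certificate of keyAlias in 'owner'.
    static boolean trusts(KeyStore truster, KeyStore owner, String keyAlias) throws Exception {
        if (!owner.isKeyEntry(keyAlias)) throw new IllegalStateException(keyAlias + " is not a keyEntry");
        Certificate own = owner.getCertificate(keyAlias);
        System.out.println(keyAlias + " SHA-256: " + fingerprint(own));
        for (String alias : Collections.list(truster.aliases())) {
            if (truster.isCertificateEntry(alias) && truster.getCertificate(alias).equals(own)) {
                System.out.println("  trusted by peer under alias '" + alias + "'");
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // File names, aliases and store passwords are the ones used in the keytool sessions above.
        KeyStore client = load("client.jks", "ClientJKS");
        KeyStore server = load("server.jks", "ServerJKS");
        // Non-short-circuit '&' so both directions are always reported.
        boolean ok = trusts(client, server, "server_full") & trusts(server, client, "client_full");
        System.out.println(ok ? "Mutual trust is in place." : "Trust is incomplete.");
        if (!ok) System.exit(1);
    }
}
```

When the two keystores live on different machines, run the fingerprint step on each side and compare the values by a separate channel before answering "yes" to keytool's "Trust this certificate?" prompt.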

(Continued on next part...)

Dr. Herong Yang, updated in 2006