JSSE
From Dogtag
Generating Client Certificate
To generate client certificate:
$ keytool -genkey \
    -keystore client-cert.jks \
    -storepass Secret.123 \
    -keyalg RSA \
    -keypass Secret.123 \
    -alias client \
    -dname "UID=testuser,O=EXAMPLE"
To export client certificate:
$ keytool -export \
    -keystore client-cert.jks \
    -storepass Secret.123 \
    -alias client \
    -rfc \
    -file client.crt
To trust client certificate:
$ keytool -import \
    -keystore server-trust.jks \
    -storepass Secret.123 \
    -alias client \
    -file client.crt
Generating Server Certificate
$ keytool -genkey \
    -keystore server-cert.jks \
    -storepass Secret.123 \
    -keyalg RSA \
    -keypass Secret.123 \
    -alias server \
    -dname "CN=$HOSTNAME,O=EXAMPLE"
To export server certificate:
$ keytool -export \
    -keystore server-cert.jks \
    -storepass Secret.123 \
    -alias server \
    -rfc \
    -file server.crt
To trust server certificate:
$ keytool -import \
    -keystore client-trust.jks \
    -storepass Secret.123 \
    -alias server \
    -file server.crt
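To check that the four keystores created above work together, the following added example (not part of the original page or of Dogtag's code) loads them into JSSE and runs a mutually authenticated handshake in one process. The class name MutualTlsDemo and the use of localhost with an ephemeral port are assumptions made for the illustration; the keystores are expected in the current directory.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsDemo {
    static final char[] PASS = "Secret.123".toCharArray(); // password from the keytool commands

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // keytool's default store type
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PASS); }
        return ks;
    }

    // keyStore holds our own private key; trustStore holds the peer certificate we accept.
    static SSLContext context(String keyStore, String trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore), PASS);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = context("server-cert.jks", "server-trust.jks");
        SSLContext clientCtx = context("client-cert.jks", "client-trust.jks");
        try (SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            listener.setNeedClientAuth(true); // refuse clients without a certificate from server-trust.jks
            Thread client = new Thread(() -> {
                // A raw SSLSocket validates the chain only; the host name is not checked here.
                try (SSLSocket s = (SSLSocket) clientCtx.getSocketFactory()
                        .createSocket("localhost", listener.getLocalPort())) {
                    s.startHandshake();
                    System.out.println("server: " + s.getSession().getPeerPrincipal());
                } catch (Exception e) {
                    System.out.println("client handshake failed: " + e);
                }
            });
            client.start();
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                peer.startHandshake();
                System.out.println("client: " + peer.getSession().getPeerPrincipal());
            }
            client.join();
        }
    }
}
```

Each side should print the other's subject DN (UID=testuser,O=EXAMPLE for the client). Running it with -Djavax.net.debug=all, as described under Debugging, shows the certificate exchange in detail.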
Debugging
To debug JSSE, set the following Java system property:
- javax.net.debug: all
To debug JSSE in Tomcat, set the following variable in /etc/sysconfig/<service>:
JAVA_OPTS="-Djavax.net.debug=all"