Chapter 4 Section 4.2
Operating SSL KeyStores and TrustStores
HTTPS eWay Adapter User’s Guide 29 Sun Microsystems, Inc.
4.2 KeyStores and TrustStores
As depicted in Figure 8, JSSE makes use of files called KeyStores and TrustStores. The
eWay uses the KeyStore to authenticate itself to the server (client authentication: the
KeyStore holds the eWay's own private key and certificate), and the TrustStore to
authenticate the server, that is, to verify the certificate the server presents during the
SSL handshake.
A KeyStore is a password-protected database containing a private key and its associated
certificate, or certificate chain. The certificate chain consists of the client certificate
followed by one or more certification authority (CA) certificates.
A TrustStore contains only the certificates the client trusts (hence a “trust” store).
These certificates are CA root certificates, that is, self-signed certificates. Any
certificate issued under a CA present in the TrustStore is accepted by the eWay, so the
TrustStore should hold only the CAs that actually need to be trusted. The installation
of the Logical Host includes a TrustStore file named cacerts.jks in the location:
<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config
where <c:\JavaCAPS> is the directory where the Sun Java Composite Application
Platform Suite is installed and <MyDomain> is the name of your domain. This file is
recommended as the TrustStore for the HTTPS eWay.
Both KeyStores and TrustStores are managed with a utility called keytool, which is
part of the Java SDK installation.
4.2.1 Generating a KeyStore and TrustStore
This section explains how to create both a KeyStore and a TrustStore, or how to import
a certificate into an existing TrustStore such as the default Logical Host TrustStore in
the location:
<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config\cacerts.jks
where <c:\JavaCAPS> is the directory where the Sun Java Composite Application
Platform Suite is installed and <MyDomain> is the name of your domain. The primary
tool used is keytool; openssl is also used, as a reference, for generating PKCS12
KeyStores.
For more information on openssl, and available downloads, visit the following Web
site:
http://www.openssl.org.
4.2.2 KeyStores
This section explains how to use KeyStores.
Creating a KeyStore in JKS Format
This section explains how to create a KeyStore using the JKS format as the database
format for both the private key and the associated certificate or certificate chain. By
default, as specified by the keystore.type property in the java.security file, keytool
uses JKS as the format of the key and certificate databases (KeyStores and
TrustStores); later JDK releases default to PKCS12 instead, so pass -storetype JKS
explicitly when the format matters. A CA must sign the certificate