Difference between revisions of "TLS"
From Vague Hope Wiki
(→Java) |
Line 39: | Line 39: | ||
</pre> | </pre> | ||
− | List Trusted CA Certs | + | List Trusted CA Certs. |
<pre> | <pre> | ||
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
</pre> | </pre> | ||
+ | |||
+ | Import New CA into Trusted Certs | ||
+ | <pre> | ||
+ | keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
+ | </pre> | ||
+ | |||
+ | References: | ||
+ | * https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html |
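Review bot: the added `keytool -import -trustcacerts ... -keystore $JAVA_HOME/jre/lib/security/cacerts` line writes to the JVM-wide trust store, so every application running on that JVM will trust the imported CA, and the section does not say so. Suggest a sentence telling the reader to compare the fingerprint keytool displays with one obtained from the CA out of band before answering the trust prompt, and to confirm the result afterwards with the `keytool -list -v` command just above. Style: this hunk adds a trailing period to "List Trusted CA Certs." but the new "Import New CA into Trusted Certs" line has none.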
Revision as of 03:12, 19 May 2012
Examine
openssl x509 -text -in client.pem
openssl rsa -text -in client.pem
openssl crl -text -in cacrl.pem
demoCA
/usr/lib/ssl/misc/CA.sh -newca
/usr/lib/ssl/misc/CA.sh -newreq
/usr/lib/ssl/misc/CA.sh -sign
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443
echo 01 > demoCA/crlnumber
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30
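The commands above revoke a certificate and generate a CRL, but do not show the CRL being checked. The following is an added example, not part of the original wiki page: it builds a throwaway CA in a temporary directory using a minimal constructed `ca.cnf` (instead of `CA.sh`), then uses `openssl verify -crl_check` to show the client certificate verifying before revocation and being rejected afterwards.

```shell
#!/bin/sh
# Added example; "Demo CA", "client" and all file names are constructed.
CA_ARGS="-config ca.cnf -keyfile cakey.pem -cert cacert.pem"

setup_ca() {  # run inside an empty directory
  mkdir -p demoCA/newcerts && : > demoCA/index.txt
  echo 01 > demoCA/serial; echo 01 > demoCA/crlnumber
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req
x509_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
database = demoCA/index.txt
new_certs_dir = demoCA/newcerts
serial = demoCA/serial
crlnumber = demoCA/crlnumber
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=Demo CA" \
    -days 30 -keyout cakey.pem -out cacert.pem &&
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=client" \
    -keyout client.key.pem -out client.req.pem &&
  openssl ca -batch $CA_ARGS -days 30 -in client.req.pem -out client.pem
}

crl_status() {  # reissue the CRL, then verify client.pem against it
  openssl ca -gencrl $CA_ARGS -crldays 30 -out cacrl.pem 2>/dev/null || return 2
  out=$(openssl verify -CAfile cacert.pem -CRLfile cacrl.pem -crl_check \
        client.pem 2>&1) && { echo valid; return 0; }
  case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
}

run_demo() (  # subshell, so the cd does not leak to the caller
  cd "$(mktemp -d)" || exit 1
  setup_ca >/dev/null 2>&1 || exit 1
  before=$(crl_status)
  openssl ca -revoke client.pem $CA_ARGS >/dev/null 2>&1 || exit 1
  after=$(crl_status)
  echo "$before $after"
)

run_demo   # prints: valid revoked
```

Without `-crl_check`, `openssl verify` ignores the CRL and the revoked certificate still verifies, so a relying party has to be configured to load and check `cacrl.pem` for the revocation to have any effect.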
Fields
- C=Country Name (2 letter code)
- ST=State or Province Name (full name)
- O=Organization Name (eg, company)
- OU=
- CN=
Java
Make self-signed server key.
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA
List Trusted CA Certs.
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs.
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
References:
- https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html