SSL Authentication

Enable SSL client authentication

If this is checked, SSL client authentication will be enabled. For additional information on SSL client authentication, see Oracle’s documentation: client authentication.

    • Keystore file path
      The path of a keystore file in Java KeyStore (JKS) format.
    • Keystore password
      The password of the keystore.

Use default truststore

If this is checked, the default truststore will be used to authenticate the server's certificate. The default truststore is the standard truststore 'cacerts' located in the <java-home>\lib\security\ directory.

    • Truststore file path
      The path of a truststore file in Java KeyStore (JKS) format.
    • Truststore password
      The password of the truststore.

If you have private key files (.key) and certificate files (.crt, .cer, .der, .p12, .p7b, .pem, .pfx, etc.) other than a Java KeyStore file (.jks), you can convert them into a Java KeyStore file (.jks) using the openssl and the keytool.

How to import an existing x509 certificate and a private key in Java keystore?

Step one: Convert x509 Cert and Key to a pkcs12 file

openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name [some-alias] -CAfile ca.crt -caname root
Note 1: Make sure you put a password on the p12 file, otherwise you'll get a null reference exception when you try to import it.
Note 2: You might want to add the -chain option to preserve the full certificate chain.

Step two: Convert the pkcs12 file to a java keystore

keytool -importkeystore -deststorepass [changeit] -destkeypass [changeit] -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password -alias [some-alias]

 

In this section

  • No labels