ca-csr-keytool-truststore notes

Bipul Kuri
1 min read · Mar 11, 2021

A keystore stores the private key and the identity certificate that a program presents to the other party (server or client) for verification.
A truststore stores the certificates of the Certificate Authorities (CAs) that are used to verify the certificate presented by the server in an SSL/TLS connection.

Client: Keystore + Truststore (has both files)

Server: Keystore + Truststore (has both files)

The client's Keystore is checked against the server's Truststore for client authentication.

The server's Keystore is checked against the client's Truststore for server authentication.

  • Create a CA → ca-key and ca-cert files
openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
  • Create a keystore with a key pair for each host → keystore.jks file
keytool -genkeypair -keystore keystore.jks -alias localhost -keyalg RSA -validity 365
  • Create a certificate signing request from the keystore → cert-file
keytool -keystore keystore.jks -alias localhost -certreq -file cert-file
  • Sign cert-file with the CA key and cert → cert-file-signed file
openssl x509 -req -CA ca-cert -CAkey ca-key -CAcreateserial -in cert-file -out cert-file-signed -days 365
  • Import into keystore.jks ← ca-cert, cert-file-signed (the CA cert must go in first so the signed cert's chain can be built)
keytool -keystore keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore keystore.jks -alias localhost -import -file cert-file-signed
  • Import into truststore.jks ← ca-cert (only the CA cert, never the host's private key)
keytool -keystore truststore.jks -alias CARoot -import -file ca-cert
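The whole procedure above, run end-to-end and non-interactively, as an added example that is not part of the original notes. It assumes openssl and a JDK keytool are on PATH; the host name "localhost", the store password "changeit", the aliases CARoot/localhost and the 365-day validity are placeholder values chosen here. After the import steps it checks two things a practitioner cares about: that the signed certificate actually chains to ca-cert, and that a certificate from an unrelated CA is rejected, which is the property the truststore is supposed to enforce.

```shell
#!/bin/sh
# Added example (not from the original post): CA -> keystore -> CSR -> sign -> import,
# followed by verification. Requires openssl and keytool (JDK) on PATH.
# Host name, password, aliases and validity below are assumed placeholder values.
set -eu

PASS="changeit"
HOST="localhost"
DAYS=365

# Step 1: self-signed CA key and cert. -nodes leaves ca-key unencrypted for the demo;
# a real CA key should be passphrase-protected and kept off the hosts it signs for.
make_ca() {
  openssl req -new -x509 -newkey rsa:2048 -nodes -days "$DAYS" \
    -subj "/CN=Demo Root CA" -keyout ca-key -out ca-cert 2>/dev/null
}

# Step 2: keystore holding a fresh RSA key pair for the host.
make_keystore() {
  keytool -genkeypair -keystore keystore.jks -alias "$HOST" -keyalg RSA -keysize 2048 \
    -validity "$DAYS" -dname "CN=$HOST" -storepass "$PASS" -keypass "$PASS" 2>/dev/null
}

# Step 3: certificate signing request for the keystore's key pair (PEM, read by openssl).
make_csr() {
  keytool -keystore keystore.jks -alias "$HOST" -certreq -file cert-file \
    -storepass "$PASS" 2>/dev/null
}

# Step 4: sign the CSR with the CA; -CAcreateserial creates ca-cert.srl on first use.
sign_csr() {
  openssl x509 -req -CA ca-cert -CAkey ca-key -CAcreateserial \
    -in cert-file -out cert-file-signed -days "$DAYS" 2>/dev/null
}

# Steps 5 and 6: CA cert then signed cert into the keystore; CA cert alone into the
# truststore. -noprompt answers the "Trust this certificate?" question non-interactively.
import_certs() {
  keytool -keystore keystore.jks -alias CARoot -import -file ca-cert \
    -storepass "$PASS" -noprompt 2>/dev/null
  keytool -keystore keystore.jks -alias "$HOST" -import -file cert-file-signed \
    -storepass "$PASS" -noprompt 2>/dev/null
  keytool -keystore truststore.jks -alias CARoot -import -file ca-cert \
    -storepass "$PASS" -noprompt 2>/dev/null
}

# Check 1: the signed cert chains to ca-cert, and the truststore holds exactly one
# entry, the CA (keytool stores aliases lower-cased, hence the case-insensitive grep).
verify_chain() {
  openssl verify -CAfile ca-cert cert-file-signed >/dev/null 2>&1
  listing=$(keytool -list -keystore truststore.jks -storepass "$PASS" 2>/dev/null)
  printf '%s\n' "$listing" | grep -qi "caroot"
  printf '%s\n' "$listing" | grep -q "contains 1 entry"
}

# Check 2: a certificate issued by some other CA must NOT verify against ca-cert.
verify_rejects_foreign_ca() {
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Other CA" -keyout other-key -out other-cert 2>/dev/null
  if openssl verify -CAfile ca-cert other-cert >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

run_all() {
  make_ca && make_keystore && make_csr && sign_csr && import_certs \
    && verify_chain && verify_rejects_foreign_ca
}

# Stand-alone use: `sh this-script.sh run` builds everything in a fresh temp directory.
if [ "${1:-}" = "run" ]; then
  workdir=$(mktemp -d)
  cd "$workdir"
  run_all && echo "ok: stores built and verified in $workdir"
fi
```

Running it with `run` leaves keystore.jks, truststore.jks, ca-key and ca-cert in the temp directory it prints; only truststore.jks and the signed keystore belong on the hosts, while ca-key stays with whoever operates the CA.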
