Although it is mandatory to go through a recognized CA (Certification Authority) in order to build trust between two parties, you can certainly create self-signed certificates in order to test a web application that uses digital certificates for encryption and signing. There are mainly two popular tools in the industry for creating self-signed certificates:
1. OpenSSL
2. Keytool

Using OpenSSL

1. Generating the private key. There are two types of private keys: RSA and DSA.

Creating the RSA private key: there is only one step.

Creating the DSA private key: there are two steps.
openssl dsaparam -out crish_dsa_param.pem 2048
openssl gendsa -out crish_private_key.pem crish_dsa_param.pem

Generating the self-signed certificate from the private key (valid for 365 days):
openssl req -new -x509 -key crish_private_key.pem -out crish_cert.pem -days 365

4. Generating the CSR (Certificate Signing Request) when you need a valid CA assurance. You send this CSR file to the selected CA and get back a signed certificate.
Reference: http://www.akadia.com/services/ssh_test_certificate.html
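The OpenSSL route from above carried through end to end, as an added example that is not code from the original article: it generates an RSA private key, a self-signed certificate and a CSR, then runs two checks the article does not show, that the certificate is really self-signed (issuer equals subject) and that the certificate's public key belongs to the private key on disk. The file names, the subject and the use of -subj to avoid the interactive prompts are assumptions; the script skips itself when openssl is not installed.

```shell
#!/bin/sh
# Added example (not code from the original article): the OpenSSL route end to end,
# plus two consistency checks. File names and the subject are assumptions.
set -eu

SUBJ="/CN=test.example.invalid/O=Example"   # constructed test subject, not a real host

# gen_selfsigned DIR: writes crish_private_key.pem, crish_cert.pem and crish.csr
# into DIR; prints "ok" when the artifacts are consistent, "skipped" if openssl
# is not installed, and fails otherwise.
gen_selfsigned() {
    dir="$1"
    if ! command -v openssl >/dev/null 2>&1; then
        echo "skipped"
        return 0
    fi
    # 1. Private key. RSA needs one command; the DSA route is dsaparam followed by gendsa.
    openssl genrsa -out "$dir/crish_private_key.pem" 2048 2>/dev/null
    # 2. Self-signed certificate, valid for 365 days (-subj skips the interactive prompts).
    openssl req -new -x509 -key "$dir/crish_private_key.pem" \
        -out "$dir/crish_cert.pem" -days 365 -subj "$SUBJ"
    # 3. CSR, only needed when a real CA is going to sign the certificate.
    openssl req -new -key "$dir/crish_private_key.pem" \
        -out "$dir/crish.csr" -subj "$SUBJ"

    # Check 1: self-signed means the issuer is the subject.
    subject=$(openssl x509 -in "$dir/crish_cert.pem" -noout -subject)
    issuer=$(openssl x509 -in "$dir/crish_cert.pem" -noout -issuer)
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # Check 2: the public key inside the certificate matches the private key on disk.
    cert_pub=$(openssl x509 -in "$dir/crish_cert.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/crish_private_key.pem" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 1
    # Check 3: the CSR's self-signature verifies.
    openssl req -in "$dir/crish.csr" -noout -verify >/dev/null 2>&1 || return 1
    echo "ok"
}

workdir=$(mktemp -d)
gen_selfsigned "$workdir"
```

The public-key comparison is the check worth keeping in a deployment script: a certificate that was regenerated from a different key will still parse and still be "valid" for 365 days, but the server will fail its TLS handshake with it.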
Using Keytool

1. Generating the key pair into a keystore (JKS)

For RSA:
keytool -genkey -keyalg RSA -keysize 2048 -keystore crish_keystore.jks -alias crish
For DSA:
keytool -genkey -keyalg DSA -keysize 2048 -keystore crish_keystore.jks -alias crish
If you compare the above methods, it is apparent that Keytool needs fewer steps than OpenSSL. But OpenSSL has the ability to import or export private keys using keystores.

Reference: http://www.linux.com/archive/feed/37792?page=2

How to list a keystore's contents?
The difference between the keystore and truststore

A keystore contains private keys, and the certificates with their corresponding public keys. You only need this if the server requires client authentication. A truststore contains the certificates of other parties that you expect to communicate with. The keystore and truststore can be the same file. However, it is usually easier to manage keys if they are separate: the truststore can contain the public certificates of trusted CAs and can be shared easily, while the keystore can contain the private key and certificate of the local server and can be stored in a protected location. If your server's certificate is signed by a recognized CA, the default truststore that ships with the JRE will already trust it (because it already trusts trustworthy CAs), so you don't need to build your own or add anything to the JRE's default truststore.
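The keystore/truststore split described above, built with keytool and then inspected with "keytool -list" (which also answers the listing question), as an added example that is not code from the original article. It creates a JKS keystore holding the private key and certificate under the alias crish, exports only the certificate, imports that into a separate truststore, and then confirms that the keystore has exactly one PrivateKeyEntry and the truststore exactly one trustedCertEntry and no private key. The password, subject and file names are constructed for the demo; the script skips itself when keytool is not installed.

```shell
#!/bin/sh
# Added example (not code from the original article): a keystore holding the server's
# private key beside a separate, shareable truststore, built and inspected with keytool.
# File names, subject and the password are constructed for the demo.
set -eu

PASS=changeit   # demo password only

# count_entries STORE TYPE: number of entries of TYPE (PrivateKeyEntry or
# trustedCertEntry) that "keytool -list" reports for STORE.
count_entries() {
    keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null | grep -c "$2" || true
}

# build_stores DIR: creates crish_keystore.jks (private key + cert) and
# crish_truststore.jks (the cert only); prints the truststore listing and then
# "ok" when each store holds exactly what it should, or "skipped" if keytool
# is not installed.
build_stores() {
    dir="$1"
    if ! command -v keytool >/dev/null 2>&1; then
        echo "skipped"
        return 0
    fi
    # Keystore: key pair + self-signed certificate under the alias "crish".
    # -storetype JKS keeps the article's format; current JDKs default to PKCS12.
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -alias crish \
        -dname "CN=test.example.invalid, O=Example" \
        -keystore "$dir/crish_keystore.jks" -storetype JKS \
        -storepass "$PASS" -keypass "$PASS" 2>/dev/null
    # Export the certificate only; the private key never leaves the keystore.
    keytool -exportcert -rfc -alias crish -file "$dir/crish_cert.pem" \
        -keystore "$dir/crish_keystore.jks" -storepass "$PASS" 2>/dev/null
    # Truststore: certificates of peers we trust, no private keys, safe to hand out.
    keytool -importcert -noprompt -alias crish -file "$dir/crish_cert.pem" \
        -keystore "$dir/crish_truststore.jks" -storetype JKS -storepass "$PASS" 2>/dev/null
    # Listing a store's contents (add -v for the full certificate details).
    keytool -list -keystore "$dir/crish_truststore.jks" -storepass "$PASS" 2>/dev/null

    [ "$(count_entries "$dir/crish_keystore.jks" PrivateKeyEntry)" = 1 ] || return 1
    [ "$(count_entries "$dir/crish_keystore.jks" trustedCertEntry)" = 0 ] || return 1
    [ "$(count_entries "$dir/crish_truststore.jks" trustedCertEntry)" = 1 ] || return 1
    [ "$(count_entries "$dir/crish_truststore.jks" PrivateKeyEntry)" = 0 ] || return 1
    echo "ok"
}

workdir=$(mktemp -d)
build_stores "$workdir"
```

The entry-type counts are the property worth asserting in a build: a truststore that reports a PrivateKeyEntry is a keystore that has been shared by mistake, and the server's key material is now wherever that file was copied.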