Sun Microsystems 5.1.1 manual KeyStores and TrustStores, Generating a KeyStore and TrustStore

Page 29

Chapter 4

Section 4.2

Operating SSL

KeyStores and TrustStores

4.2KeyStores and TrustStores

As depicted in Figure 8, JSSE makes use of files called KeyStores and TrustStores. The KeyStore is used by the eWay for client authentication, while the TrustStore is used to authenticate a server in SSL authentication.

ƒA KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. The certificate chain consists of the client certificate and one or more certification authority (CA) certificates.

ƒA TrustStore contains only the certificates trusted by the client (a “trust” store). These certificates are CA root certificates, that is, self-signed certificates. The installation of the Logical Host includes a TrustStore file named cacerts.jks in the location:

<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config

where <c:\JavaCAPS> is the directory where the Sun Java Composite Application Platform Suite is installed and <MyDomain> is the name of your domain. This file is recommended as the TrustStore for the HTTPS eWay.

Both KeyStores and TrustStores are managed by means of a utility called keytool, which is a part of the Java SDK installation.

4.2.1Generating a KeyStore and TrustStore

This section explains steps on how to create both a KeyStore and a TrustStore (or import a certificate into an existing TrustStore such as the default Logical Host TrustStore in the location:

<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config\cacert

s.jks

where <c:\JavaCAPS> is the directory where the Sun Java Composite Application Platform Suite is installed and <MyDomain> is the name of your domain. The primary tool used is keytool, but openssl is also used as a reference for generating pkcs12 KeyStores.

For more information on openssl, and available downloads, visit the following Web site:

http://www.openssl.org.

4.2.2KeyStores

This section explains how to use KeyStores.

Creating a KeyStore in JKS Format

This section explains how to create a KeyStore using the JKS format as the database format for both the private key, and the associated certificate or certificate chain. By default, as specified in the java.security file, keytool uses JKS as the format of the key and certificate databases (KeyStore and TrustStores). A CA must sign the certificate

HTTPS eWay Adapter User’s Guide

29

Sun Microsystems, Inc.

Page 28 Page 30
Image 29
Page 28 Page 30
Contents EWAY Https Adapter USER’S Guide Version Contents Additional SSL Section Notes Verify hostname Http Settings Proxy Configuration Security AuthenticationHttp OTD Method Descriptions Server Mode Operation Connection Pool SettingsImplementing the Https eWay JCD Sample Projects Running the Sample Running the Sample in SSL ModeWhat’s in This Chapter About Http and HttpsWeb Browser Cookies About the Https eWayHttp Messages Cookie Expiration Date Checking Sample Http Exchange in Client ModeGET and Post Methods Body Html Sample Http Exchange in Server ModeSample Input Form What’s New in This ReleaseAbout This Document Intended Audience ScopeText Conventions Https eWay JavadocDocumentation Feedback Related DocumentsSun Microsystems, Inc. Web Site Https eWay System Requirements Installing the Https eWayAfter you have installed eGate or eInsight, do the following Installing the Https eWay on an eGate supported systemExtracting the Sample Projects and Javadocs After InstallationSteps to extract the Javadoc include Steps to extract the Sample Projects includeInstall Java Caps Ican 5.0 Project Migration ProceduresExport the Project Import the ProjectInstalling Enterprise Manager eWay Plug-Ins To add plug-ins from the Enterprise Manager Viewing Alert CodesTo View the eWay Alert Codes Https eWay Alert CodesHTTPCLIENTEWAY-CONNECT Https Client OTD Overview of eWay OTDsHttp OTD Method Descriptions Https Server OTDInput Server Request Node Working with the Server OTD Input Server Response NodeSendResponse Example Collaboration ExampleOverview Operating SSLHttps eWay HackerGenerating a KeyStore and TrustStore KeyStores and TrustStoresKeyStores Creating a KeyStore in JKS FormatTo generate a KeyStore Creating a KeyStore in PKCS12 Format TrustStores Using an Existing TrustStoreCreating a TrustStore To create a new TrustStoreSSL Handshaking EWay ClientServer Server Web Client EWayCreating a Sample CA Certificate Using the OpenSSL UtilitySigning Certificates With Your Own CA # SSLeay example properties file Windows OpenSSL.cnf File ExampleChapter Section Operating SSL Using the OpenSSL Utility Copyright 1998-2001 The OpenSSL Project. All rights reserved Configuring the eWay Connectivity Map Properties Creating and Configuring the Https eWayTo configure the Https Server eWay properties To configure the Https eWay propertiesConnectivity Map with Components Server Configuring the eWay Environment PropertiesEWay Connectivity Map Properties To Configure the Environment PropertiesHttps eWay Configuration Sections Include Configuring the Connectivity Map Https eWay PropertiesHttps Server eWay Configuration Sections Include Http eWay-HTTP SettingsEWay Environment Properties Http Server eWay-HTTP Server External ConfigurationEnvironment Configuration-HTTP Settings Http SettingsEnvironment Configuration-Proxy Configuration Proxy ConfigurationSecurity Proxy passwordName Description Required Value Proxy Port Proxy UsernameEnvironment Configuration-Security, SSL AuthenticationEnvironment Configuration-Security, Authentication Com.sun.net.ssl.internal.ssl.P Name Description Required Value Jsse Provider ClassRovider Com.ibm.jsse.IBMJSSEProvidVerify hostname Additional SSL Section NotesDescription Required ValuesAdditional information Connection Pool SettingsEnvironment Configuration-Connection Pool Settings Setting Acceptor Threads Property for Https Server Mode EInsight Engine and Components Implementing the Https eWay Bpel Sample ProjectsHttps eWay With eInsight Server Mode OperationReceive Business Rule Designer Output Nodes Node Name DescriptionReceive Business Rule Designer Output Nodes Importing a Sample Project About the Https eWay eInsight Sample ProjectsProject Overview Building and Deploying the prjHTTPClientBPEL Sample ProjectInput and Output Data GET Command GetSample.xmlProject Operations Creating a Project Post Command PostSample.xmlCreating the OTD Sample DTD MultipleDataIn.dtdOTD Wizard Selection Include DTDs to Selected List OTD Options Creating a Business ProcessLogic of the Business Process Case Activity Result Business Process CasesTo create a Business Process Business Process Icons Client Business Process With Link Business Rules Client Business Rule Designer First Link Business Rule Business Rule Designer Second Link Business Rule Business Rule Designer Third Link Business Rule Business Rule Designer Case 1 Business Rule Business Rule Designer Case 2 Business Rule Decision Gate Properties Dialog Box Case To create a Connectivity Map Creating a Connectivity MapPopulating the Connectivity Map Selecting External ApplicationsDefining the Business Process To select external applicationsSteps required to bind eWay components together Binding the eWay ComponentsEnvironment Editor envHTTPClientBPEL Creating an EnvironmentConfiguring the Https eWay Properties Configuring the eWaysCmHTTPClient Inbound File eWay Settings CmHTTPClient Outbound File eWay SettingsCreating and Activating the Deployment Profile Configuring the Integration ServerCreate and Start the Domain Creating and Starting the DomainBuild the Project Building and Deploying the ProjectRunning the Sample Building and Deploying the prjHTTPServerBPEL Sample Project ƒ postBPELHTTPS Content of postBPELHTTPS.html isServer Sample Project Original Form Project FormsServer Sample Project Input Form Next step is to create the Project’s Business Process Business Process Icons for Receive and Reply Business Process Icons With Server Business Rules Business Rule Designer Server Receive Business Rule Creating a Connectivity Map Connectivity Map With Components prjHTTPServerBPEL Creating an Environment ƒ postBPELHTTPS.html input file Running the Sample in SSL ModePermission java.util.PropertyPermission * read, write About the Https eWay JCD Sample Projects Implementing the Https eWay JCD Sample ProjectsBuilding and Deploying the prjHTTPClientJCD Sample Project Https eWay Sample Project Java Collaboration Based SampleIn DTD SampleIn.dtd Creating the Collaboration Definition Java JcdHTTPClient Collaboration Definition Part 101 Connectivity Map With Components prjHTTPClientJCD 103 ƒ Project Overview on Building and Deploying the prjHTTPServerJCD Sample Projectƒ postJCEHTTPS 106 107 JcdHTTPServer Collaboration Definition Connectivity Map With Components prjHTTPServerJCD 110 ƒ postJCEHTTPS.html input file 112 Index 114
Top Page Image Contents