Sun Microsystems 5.1.1 manual TrustStores, Creating a TrustStore, Using an Existing TrustStore

Page 32

Chapter 4

Section 4.2

Operating SSL

KeyStores and TrustStores

For the following example, openssl is used to generate the PKCS12 KeyStore:

cat mykey.pem.txt mycertificate.pem.txt>mykeycertificate.pem.txt

The existing key is in the file mykey.pem.txt in PEM format. The certificate is in mycertificate.pem.txt, which is also in PEM format. A text file must be created which contains the key followed by the certificate as follows:

openssl pkcs12 -export -in mykeycertificate.pem.txt -out mykeystore.pkcs12 -name myAlias -noiter -nomaciter

This command prompts the user for a password. The password is required. The KeyStore fails to work with JSSE without a password. This password must also be supplied as the password for the eWay’s KeyStore password (see Table 8 on page 50).

This command also uses the openssl pkcs12 command to generate a PKCS12 KeyStore with the private key and certificate. The generated KeyStore is mykeystore.pkcs12 with an entry specified by the myAlias alias. This entry contains the private key and the certificate provided by the -inargument. The noiter and nomaciter options must be specified to allow the generated KeyStore to be recognized properly by JSSE.

4.2.3TrustStores

Creating a TrustStore

For demonstration purposes, suppose you have the following CAs that you trust: firstCA.cert, secondCA.cert, thirdCA.cert, located in the directory C:\cascerts. You can create a new TrustStore consisting of these three trusted certificates.

To create a new TrustStore

Use the following command:

keytool -import -file C:\cascerts\firstCA.cert -alias firstCA -keystore myTrustStore

You must enter this command two more times, but for the second and third entries, substitute secondCA and thirdCA for firstCA. Each of these command entries has the following purposes:

1The first entry creates a KeyStore file name myTrustStore in the current working directory and imports the firstCA certificate into the TrustStore with an alias of firstCA. The format of myTrustStore is JKS.

2For the second entry, substitute secondCA to import the secondCA certificate into the TrustStore, myTrustStore.

3For the third entry, substitute thirdCA to import the thirdCA certificate into the TrustStore.

Once completed, myTrustStore is available to be used as the TrustStore for the eWay.

Using an Existing TrustStore

This section explains how to use an existing TrustStore such as the default Logical Host TrustStore in the location:

HTTPS eWay Adapter User’s Guide

32

Sun Microsystems, Inc.

Page 31 Page 33
Image 32
Page 31 Page 33
Contents EWAY Https Adapter USER’S Guide Version Contents Additional SSL Section Notes Verify hostname Http Settings Proxy Configuration Security AuthenticationHttp OTD Method Descriptions Connection Pool Settings Server Mode OperationRunning the Sample Running the Sample in SSL Mode Implementing the Https eWay JCD Sample ProjectsAbout Http and Https What’s in This ChapterWeb Browser Cookies About the Https eWayHttp Messages Cookie Expiration Date Checking Sample Http Exchange in Client ModeGET and Post Methods Sample Http Exchange in Server Mode Body HtmlWhat’s New in This Release Sample Input FormAbout This Document Scope Intended AudienceText Conventions Https eWay JavadocDocumentation Feedback Related DocumentsSun Microsystems, Inc. Web Site Installing the Https eWay Https eWay System RequirementsInstalling the Https eWay on an eGate supported system After you have installed eGate or eInsight, do the followingAfter Installation Extracting the Sample Projects and JavadocsSteps to extract the Javadoc include Steps to extract the Sample Projects includeIcan 5.0 Project Migration Procedures Install Java CapsExport the Project Import the ProjectInstalling Enterprise Manager eWay Plug-Ins Viewing Alert Codes To add plug-ins from the Enterprise ManagerTo View the eWay Alert Codes Https eWay Alert CodesHTTPCLIENTEWAY-CONNECT Overview of eWay OTDs Https Client OTDHttps Server OTD Http OTD Method DescriptionsInput Server Request Node Input Server Response Node Working with the Server OTDCollaboration Example SendResponse ExampleOperating SSL OverviewHacker Https eWayKeyStores and TrustStores Generating a KeyStore and TrustStoreKeyStores Creating a KeyStore in JKS FormatTo generate a KeyStore Creating a KeyStore in PKCS12 Format Using an Existing TrustStore TrustStoresCreating a TrustStore To create a new TrustStoreSSL Handshaking EWay ClientServer Client EWay Server WebUsing the OpenSSL Utility Creating a Sample CA CertificateSigning Certificates With Your Own CA Windows OpenSSL.cnf File Example # SSLeay example properties fileChapter Section Operating SSL Using the OpenSSL Utility Copyright 1998-2001 The OpenSSL Project. All rights reserved Creating and Configuring the Https eWay Configuring the eWay Connectivity Map PropertiesTo configure the Https eWay properties To configure the Https Server eWay propertiesConfiguring the eWay Environment Properties Connectivity Map with Components ServerTo Configure the Environment Properties EWay Connectivity Map PropertiesConfiguring the Connectivity Map Https eWay Properties Https eWay Configuration Sections IncludeHttps Server eWay Configuration Sections Include Http eWay-HTTP SettingsHttp Server eWay-HTTP Server External Configuration EWay Environment PropertiesHttp Settings Environment Configuration-HTTP SettingsProxy Configuration Environment Configuration-Proxy ConfigurationProxy password SecurityName Description Required Value Proxy Port Proxy UsernameEnvironment Configuration-Security, SSL AuthenticationEnvironment Configuration-Security, Authentication Name Description Required Value Jsse Provider Class Com.sun.net.ssl.internal.ssl.PRovider Com.ibm.jsse.IBMJSSEProvidAdditional SSL Section Notes Verify hostnameDescription Required ValuesAdditional information Connection Pool SettingsEnvironment Configuration-Connection Pool Settings Setting Acceptor Threads Property for Https Server Mode Implementing the Https eWay Bpel Sample Projects EInsight Engine and ComponentsServer Mode Operation Https eWay With eInsightReceive Business Rule Designer Output Nodes Node Name DescriptionReceive Business Rule Designer Output Nodes About the Https eWay eInsight Sample Projects Importing a Sample ProjectBuilding and Deploying the prjHTTPClientBPEL Sample Project Project OverviewInput and Output Data GET Command GetSample.xmlProject Operations Post Command PostSample.xml Creating a ProjectCreating the OTD Sample DTD MultipleDataIn.dtdOTD Wizard Selection Include DTDs to Selected List Creating a Business Process OTD OptionsLogic of the Business Process Case Activity Result Business Process CasesTo create a Business Process Business Process Icons Client Business Process With Link Business Rules Client Business Rule Designer First Link Business Rule Business Rule Designer Second Link Business Rule Business Rule Designer Third Link Business Rule Business Rule Designer Case 1 Business Rule Business Rule Designer Case 2 Business Rule Decision Gate Properties Dialog Box Case Creating a Connectivity Map To create a Connectivity MapSelecting External Applications Populating the Connectivity MapDefining the Business Process To select external applicationsBinding the eWay Components Steps required to bind eWay components togetherCreating an Environment Environment Editor envHTTPClientBPELConfiguring the eWays Configuring the Https eWay PropertiesCmHTTPClient Inbound File eWay Settings CmHTTPClient Outbound File eWay SettingsConfiguring the Integration Server Creating and Activating the Deployment ProfileCreating and Starting the Domain Create and Start the DomainBuild the Project Building and Deploying the ProjectRunning the Sample ƒ postBPELHTTPS Content of postBPELHTTPS.html is Building and Deploying the prjHTTPServerBPEL Sample ProjectProject Forms Server Sample Project Original FormServer Sample Project Input Form Next step is to create the Project’s Business Process Business Process Icons for Receive and Reply Business Process Icons With Server Business Rules Business Rule Designer Server Receive Business Rule Creating a Connectivity Map Connectivity Map With Components prjHTTPServerBPEL Creating an Environment Running the Sample in SSL Mode ƒ postBPELHTTPS.html input filePermission java.util.PropertyPermission * read, write Implementing the Https eWay JCD Sample Projects About the Https eWay JCD Sample ProjectsBuilding and Deploying the prjHTTPClientJCD Sample Project Https eWay Sample Project Java Collaboration Based SampleIn DTD SampleIn.dtd Creating the Collaboration Definition Java JcdHTTPClient Collaboration Definition Part 101 Connectivity Map With Components prjHTTPClientJCD 103 Building and Deploying the prjHTTPServerJCD Sample Project ƒ Project Overview onƒ postJCEHTTPS 106 107 JcdHTTPServer Collaboration Definition Connectivity Map With Components prjHTTPServerJCD 110 ƒ postJCEHTTPS.html input file 112 Index 114
Top Page Image Contents