Hi Guys,
I'm trying to implement a simple HTTPS command-line client and have rapidly realized I don't fully understand the whole SSL mechanism and how it interacts with the underlying OS.
I am using JSDK 1.5, so I have jsse.jar installed. This is really more a question about using keytool and certificates, so please bear with me.
In order to enable HTTPS on tomcat, I did this:
keytool -genkey -alias tomcat -keyalg RSA
My understanding is that this generates a self-signed certificate in the .keystore file in my home directory. Tomcat is using the default passwords, so after enabling the SSL connector and restarting Tomcat, it comes up ok.
So the default tomcat implementation uses the certificate in the .keystore file in the home directory under which the tomcat user has been installed.
If I point a web browser at a servlet I have running on tomcat (using https on default port 8443), I get prompted whether I want to accept the certificate and then can access the servlet ok. So I believe tomcat is set up ok.
The client I am using uses an HttpsURLConnection, but I found it uses a different keystore, one in ${JAVA_HOME}/jre/lib/security/cacerts.
So am I right in thinking I need to put the certificate in this file? If so, I used:
keytool -export -alias tomcat -file tomcat.cert
to export the certificate from my default .keystore file. Then I need to import it into the cacerts file:
keytool -import -alias tomcat -keystore ${JAVA_HOME}/jre/lib/security/cacerts -file tomcat.cert
Could someone confirm that this is the correct procedure, or am I talking out of my hat here?
Thanks,
Clive
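The generate/export/import procedure from the post, as an added example that is not Clive's own script: it keeps the server key pair in an explicit keystore, exports only the public certificate, and imports it into a dedicated client truststore rather than editing the JRE's global cacerts, then checks that both sides hold the same certificate by fingerprint. It assumes a JDK's keytool is on PATH (JDK 8 or newer for the SHA-256 fingerprint line); all file names, the DN and the password are constructed for the example.

```shell
# Constructed values for the example; use a real secret outside a test setup.
STOREPASS="changeit"

# 1. Server side: key pair + self-signed cert in an explicit keystore (the
#    post's plain '-genkey' wrote to ~/.keystore). CN must equal the hostname
#    the client connects to, or hostname verification fails even when trusted.
gen_server_key() {
  keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost, OU=Test, O=Example, C=US" \
    -keystore "$SERVER_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# 2. Export only the public certificate; the private key never leaves SERVER_KS.
export_cert() {
  keytool -export -alias tomcat -keystore "$SERVER_KS" \
    -storepass "$STOREPASS" -file "$CERT"
}

# 3. Import it as a trusted entry into the client's own truststore (non-interactive).
import_cert() {
  keytool -import -noprompt -alias tomcat -file "$CERT" \
    -keystore "$CLIENT_TS" -storepass "$STOREPASS"
}

# SHA-256 fingerprint of the 'tomcat' entry in a keystore; the sed pattern
# accepts both the 'SHA256:' and 'SHA-256:' spellings printed by different JDKs.
fingerprint() {
  keytool -list -v -alias tomcat -keystore "$1" -storepass "$STOREPASS" |
    sed -n 's/.*SHA-*256: *//p' | head -n 1
}

# Runs steps 1-3 in a fresh directory; returns 0 only if the certificate the
# client now trusts is exactly the one the server keystore will present.
trust_roundtrip_ok() {
  WORK=$(mktemp -d)
  SERVER_KS="$WORK/tomcat.jks"
  CLIENT_TS="$WORK/client-truststore.jks"
  CERT="$WORK/tomcat.cert"
  gen_server_key >/dev/null 2>&1 && export_cert >/dev/null 2>&1 &&
    import_cert >/dev/null 2>&1 || return 1
  srv=$(fingerprint "$SERVER_KS")
  cli=$(fingerprint "$CLIENT_TS")
  [ -n "$srv" ] && [ "$srv" = "$cli" ]
}

# The client is then pointed at CLIENT_TS instead of the JRE's cacerts, e.g.
#   java -Djavax.net.ssl.trustStore="$CLIENT_TS" \
#        -Djavax.net.ssl.trustStorePassword="$STOREPASS" MyHttpsClient
if command -v keytool >/dev/null 2>&1; then
  trust_roundtrip_ok && echo "client truststore $CLIENT_TS trusts the server certificate"
fi
```

Keeping the self-signed certificate in a per-application truststore means the global cacerts (which every Java program on the machine trusts) is left untouched, and removing trust later is a matter of deleting one file.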