NAME
sslsetup— command line tool to setup keystore and environment for SSL communication.
SYNOPSIS
sslsetup ss-certs
Creates keystore and truststore for client and server programs with self-signed certificates.
sslsetup cs-certs
Creates keystore and truststore for client and server programs with CA signed certificates. The assumption is that a CA has been setup using the JSTK tool certtool.
sslsetup server-env
Sets environment variable JSTK_OPTS so that appropriate system properties are passed to the JVM on invoking "ssltool server" command.
sslsetup client-env
Sets environment variable JSTK_OPTS so that appropriate system properties are passed to the JVM on invoking "ssltool client" command.
DESCRIPTION
The tool sslsetup is a simple script to automate a long sequence of keytool and certtool commands to create keystore and truststore files for client and server programs, and to set environment variable JSTK_OPTS with proper system property definitions. In this regard, sslsetup is nothing but a convenient shortcut to save typing. Look at the script file in the bin directory of JSTK distribution for what it really does under the hood.
Files created by “sslsetup ss-certs" or "sslsetup cs-certs" command:
server.ks: Stores the server's certificate with the corresponding private key.
client.ks: Stores the client's certificate with the corresponding private key.
server.ts: Stores the client's or issuer's (in case of CA signed) certificate.
client.ks: Stores the server's or issuer's (in case of CA signed) certificate.
All files are JCEKS type keystore files with password changeit.
Value of JSTK_OPTS set by “sslsetup server-env" command:
-Djavax.net.ssl.keyStore=server.ks -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore =server.ts -Djavax.net.ssl.trustStoreType=JCEKS
Value of JSTK_OPTS set by “sslsetup server-env" command:
-Djavax.net.ssl.keyStore=client.ks -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore =client.ts -Djavax.net.ssl.trustStoreType=JCEKS
KNOWN BUGS/LIMITATIONS
It is not possible to specify the signature algorithm (RSA or DSA) and keysize during certificate generation.
3.144.110.32