sslsetup

NAME

sslsetup command line tool to setup keystore and environment for SSL communication.

SYNOPSIS

						sslsetup ss-certs
					

Creates keystore and truststore for client and server programs with self-signed certificates.

						sslsetup cs-certs
					

Creates keystore and truststore for client and server programs with CA signed certificates. The assumption is that a CA has been setup using the JSTK tool certtool.

						sslsetup server-env
					

Sets environment variable JSTK_OPTS so that appropriate system properties are passed to the JVM on invoking "ssltool server" command.

						sslsetup client-env
					

Sets environment variable JSTK_OPTS so that appropriate system properties are passed to the JVM on invoking "ssltool client" command.

DESCRIPTION

The tool sslsetup is a simple script to automate a long sequence of keytool and certtool commands to create keystore and truststore files for client and server programs, and to set environment variable JSTK_OPTS with proper system property definitions. In this regard, sslsetup is nothing but a convenient shortcut to save typing. Look at the script file in the bin directory of JSTK distribution for what it really does under the hood.

Files created by “sslsetup ss-certs" or "sslsetup cs-certs" command:

server.ks: Stores the server's certificate with the corresponding private key.

client.ks: Stores the client's certificate with the corresponding private key.

server.ts: Stores the client's or issuer's (in case of CA signed) certificate.

client.ks: Stores the server's or issuer's (in case of CA signed) certificate.

All files are JCEKS type keystore files with password changeit.

Value of JSTK_OPTS set by “sslsetup server-env" command:

-Djavax.net.ssl.keyStore=server.ks -Djavax.net.ssl.keyStoreType=JCEKS 
-Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore 
=server.ts -Djavax.net.ssl.trustStoreType=JCEKS

Value of JSTK_OPTS set by “sslsetup server-env" command:

-Djavax.net.ssl.keyStore=client.ks -Djavax.net.ssl.keyStoreType=JCEKS 
-Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore 
=client.ts -Djavax.net.ssl.trustStoreType=JCEKS

KNOWN BUGS/LIMITATIONS

It is not possible to specify the signature algorithm (RSA or DSA) and keysize during certificate generation.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.110.32