java - Certificate on the client's side?


I have a server application and a client application.

The server uses HTTPS and has a .jks file. Apart from that, I use authentication with login and password.

I wonder if the client side should use a .cert certificate. I thought the client's certificate should match the server's certificate, but it seems I was wrong.

I have trouble understanding this topic, so please be understanding.

Keystore

A Java keystore (JKS) is a repository of security certificates – either authorization certificates or public key certificates – used for instance in SSL encryption.

  • In IBM WebSphere Application Server and Oracle WebLogic Server, a file with the extension jks serves as a keystore.
  • The Java Development Kit maintains a CA keystore in the folder jre/lib/security/cacerts.

A keystore comes in 2 flavors:

1. Trust:
A trust store contains certificates issued by those you trust, such as a root certificate from a CA.

2. Identity:

  • An identity store contains your own certificates, and is used to authenticate you when you access an external service.
  • A trust store does not contain sensitive information, while identity stores contain sensitive information such as private keys.
  • Contains a demonstration private key for the server. This keystore establishes the identity of the server.


I wonder if the client side should use a .cert certificate.

If you mean to connect to an HTTPS service, then you should export the server's SSL certificate and import it in your server's keystore, or you can import it in jre/lib/security/cacerts.

The client is required to have an SSL certificate if it is 2 way SSL, meaning the client is required to send its SSL certificate to the server because the server has requested the same.

Why it is required: because during the SSL handshake the server will send its SSL certificate, and the client will validate this certificate against the trusted list of certificates present in its keystore. If it is not validated, the SSL handshake cannot be completed, and hence no communication can be established. So, you must have the server's SSL certificate inside your trusted store of certificates.

I thought the client's certificate should match the server's certificate, but it seems I was wrong.

Yes, you are right, the SSL certificates of 2 different parties will be different.

Each party which requires an SSL certificate will generate a public-private key pair at their end, and raise a CSR request to a certificate authority (CA), who will generate the SSL certificate using the provided key.


How to export and import SSL certificates

To export a certificate:

If it can be accessed using the web, then click on the HTTPS icon, view the certificate and follow the export commands.

If it cannot be accessed using the web, then use openssl to export the certificate. Use the below command:

openssl s_client -connect host:port -key our_private_key.pem -showcerts -cert our_server-signed_cert.pem

To import a certificate:

Use the command - keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias ca_alias -keystore $JAVA_HOME/jre/lib/security/cacerts

Further reading on export and import:
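
The trust store / identity store split described in the answer above, as an added example that is not part of the original answer: a client that always loads a trust store holding the server's certificate and loads its own identity store only for 2 way SSL. The class name, the command-line arguments and the TRUST_PW and IDENTITY_PW environment variables are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.*;
import java.security.KeyStore;

public class ClientTls {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // identityPath == null means one-way SSL: the client presents no certificate.
    static SSLContext build(String trustPath, char[] trustPw,
                            String identityPath, char[] identityPw) throws Exception {
        // Trust store: the server's certificate (or its CA); it holds no private keys.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, trustPw));
        KeyManager[] keyManagers = null;
        if (identityPath != null) {
            // Identity store: the client's own private key and certificate (2 way SSL).
            // Assumption: the key password is the same as the store password.
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(identityPath, identityPw), identityPw);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Run: java ClientTls.java <https-url> <truststore.jks> [identity.jks]
    public static void main(String[] args) throws Exception {
        if (args.length < 2) throw new IllegalArgumentException("need <url> <truststore>");
        char[] trustPw = System.getenv().getOrDefault("TRUST_PW", "").toCharArray();
        char[] idPw = System.getenv().getOrDefault("IDENTITY_PW", "").toCharArray();
        SSLContext ctx = build(args[1], trustPw, args.length > 2 ? args[2] : null, idPw);
        HttpsURLConnection conn =
                (HttpsURLConnection) URI.create(args[0]).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // An SSLHandshakeException here means the server's certificate was not trusted.
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Using a dedicated trust store file this way leaves the JRE-wide cacerts file untouched, so the extra trusted certificate applies only to this client.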

