
Monday, January 3, 2011

Java SSL certificates

Here is a simple explanation of what happens inside the Java security libraries (JSSE) when an application accesses a secure (SSL/TLS) resource on a server:

From a file format and content point of view there is absolutely no difference between a KeyStore and a TrustStore: a trust store is just a KeyStore file that you tell the Java security library to use as its source of trusted certificates. The difference is the role the file plays. A key store holds your own private key and certificate (what you present to others); a trust store holds the certificates of the parties you are willing to accept (what you check others against).

This is how the SSL certificates and Java applications work.

1. When a Java application connects to an SSL server, it asks the server to send its certificate. In practice the server sends a chain: its own certificate followed by the certificates of any intermediate CAs that issued it.

2. The client checks that the certificate itself is valid: the signature, the validity dates, key usage and so on.

3. If step 2 passes, the client checks whether the issuer of the certificate can be trusted. This is where the trust store comes into the picture. By default Java looks in $JAVA_HOME/lib/security/cacerts (in JDK 8 and older, $JAVA_HOME/jre/lib/security/cacerts) to see whether the issuer can be accepted; the file and its password can be overridden with the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties. Java walks up the chain looking for an entry in the trust store that anchors it. Usually that is the root CA at the end of the chain, but any certificate in the chain will do, including the server certificate itself. If no such entry is found, the handshake fails with an SSLHandshakeException, typically the familiar "PKIX path building failed ... unable to find valid certification path to requested target".

4. To test your SSL application, you can either add the server certificate (given to you by your admin) to the default cacerts, or create a new trust store containing just that certificate and point your application at it. The first is a very bad approach: it changes the trust decisions of every application running on that JDK and is silently lost on the next JDK upgrade. The second is the preferred approach. In both cases, confirm the certificate's fingerprint with the admin out of band before importing it, otherwise you are simply trusting whatever arrived over the network. Also note that a self-signed test certificate still has to match the host name you connect to: HttpsURLConnection verifies the host name against the certificate, while a raw SSLSocket does not unless you enable endpoint identification explicitly.

5. Refer to http://exampledepot.com/egs/javax.net.ssl/Client.html, which explains how to use your own keystore as the TrustStore.

You can use the keytool -importcert command (spelled -import in older releases) to create a new keystore by importing the certificate into it; keytool creates the keystore file if it does not exist yet. Check out http://exampledepot.com/egs/java.security.cert/ImportCert.html
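The whole flow above, server side and client side in one program, as an added example that is not from the original post or from the exampledepot pages it links to. It assumes things the post does not state: two keystore files, server.jks and truststore.jks, created beforehand with the keytool commands in the header comment, the alias testsrv, the password changeit, and Java 8 or newer. The client first handshakes using the default trust store (cacerts) and is refused in step 3, then handshakes using the hand-made trust store and succeeds:

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/*
 * Added example, not from the original post. Assumes two files made with keytool
 * beforehand (alias, password and file names are arbitrary choices):
 *
 *   keytool -genkeypair -alias testsrv -keyalg RSA -keysize 2048 -validity 365 \
 *       -dname "CN=localhost" -ext SAN=DNS:localhost \
 *       -keystore server.jks -storepass changeit -keypass changeit
 *   keytool -exportcert -alias testsrv -keystore server.jks -storepass changeit -rfc -file server.pem
 *   keytool -importcert -alias testsrv -file server.pem -keystore truststore.jks -storepass changeit -noprompt
 *
 * server.jks holds the private key and certificate (used as a KeyStore);
 * truststore.jks holds only the certificate (same file format, used as a TrustStore).
 */
public class TrustStoreDemo {
    static final char[] PASSWORD = "changeit".toCharArray();

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    // Server side: present the key and certificate stored in server.jks.
    static SSLContext serverContext(String keyStorePath) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath), PASSWORD);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trust only what is in truststore.jks instead of the JDK's cacerts.
    // Programmatic form of -Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
    static SSLContext clientContext(String trustStorePath) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Steps 1 to 3 of the post: fetch the server certificate, validate it, and check
    // its issuer against the trust store. Returns the chain the server presented.
    static Certificate[] handshake(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A raw SSLSocket does not compare the host name with the certificate
            // unless told to; HttpsURLConnection does this by default.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();
            return s.getSession().getPeerCertificates();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket server = (SSLServerSocket) serverContext("server.jks")
                .getServerSocketFactory().createServerSocket(0); // port 0: pick a free port
        int port = server.getLocalPort();
        Thread acceptor = new Thread(() -> {
            while (!server.isClosed()) {
                try (SSLSocket c = (SSLSocket) server.accept()) {
                    c.startHandshake();
                } catch (Exception e) {
                    // the handshake the client rejects below ends up here; keep serving
                }
            }
        });
        acceptor.setDaemon(true);
        acceptor.start();

        // Default trust store (cacerts): the self-signed test certificate is unknown there.
        try {
            handshake(SSLContext.getDefault(), "localhost", port);
            System.out.println("unexpected: the default trust store accepted the test certificate");
        } catch (SSLHandshakeException e) {
            System.out.println("default cacerts rejected it, as expected: " + e.getMessage());
        }

        // Our own trust store: the certificate is itself the trust anchor, so step 3 passes.
        for (Certificate c : handshake(clientContext("truststore.jks"), "localhost", port)) {
            X509Certificate x = (X509Certificate) c;
            System.out.println("trusted: " + x.getSubjectX500Principal()
                    + " issued by " + x.getIssuerX500Principal());
        }
        server.close();
    }
}
```

Compile and run it with javac TrustStoreDemo.java followed by java TrustStoreDemo in the directory holding the two .jks files. The first handshake fails in step 3 with the "PKIX path building failed ... unable to find valid certification path to requested target" message; the second prints the subject and issuer of the test certificate, which are the same name because it is self-signed. A trust store that holds nothing but the one test certificate is the minimal-trust form of step 4: the client accepts exactly that server and nothing else, and the JDK's cacerts is never touched.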
