Purpose
The purpose of this repo is to provide SSL for JVM example keeping it as simple as possible.
How to use
CA
We trust CA which is located in directory ca - because we have to trust someone :)
CA signs CSRs using script ./ca/sign_by_ca.sh.
Usage:
./ca/sign_by_ca.sh csr.file
Server
Generate server key
openssl genrsa -aes256 -out server.key 4096Generate server CSR
openssl req -new -sha256 -key server.key -out server.csr
> Common Name (e.g. server FQDN or YOUR name) []:localhost Sign with CA
./ca/sign_by_ca.sh server.csrMerge certificate and private key
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12Copy crt to application
cp server.p12 server/src/main/resources/Set cert password (server/src/main/resources/application.properties)
server.ssl.key-store-password=Import CA file to truststore
keytool -import -keystore truststore.jks -alias ca -file ca/ca.crtClient
Generate client key
openssl genrsa -aes256 -out client.key 4096Generate client CSR
openssl req -new -sha256 -key client.key -out client.csrSign client
./ca/sign_by_ca.sh client.csrBuild PKCS#12 certificate
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12Testing
Run server
./gradlew :server:runRun client (in another terminal)
./gradlew :client:run -PappArgs="['../client.p12', 'YOUR PASSWORD HERE']" -q