How can you generate and import a self-signed encryption key pair into the JSSE system default for testing on localhost?


I am developing two Java applications, one a server and one a client. They communicate via SSL thanks to JSSE.

Eventually, the server will have a certificate issued by a trusted authority, and if I understand JSSE, that means the client should be able to connect without any special configuration.

In the meantime, during development, I will run both server and client on the same computer, and they will connect on localhost. I'd like to generate a self-signed certificate in the Java default key store and trust store (cacerts). FWIW, I am doing this on Docker, so I'm not permanently adding these certificates to my actual system.

I am using the following command to generate the key pair:

keytool -genkeypair -storepass changeit -alias test -keyalg RSA -validity 365 -dname "CN=, OU=, O=, L=, ST=, C="

This is not enough. My client still is not able to complete the SSL handshake.

I have tried these commands after the above:

keytool -exportcert -storepass changeit -alias test -file test.cer
keytool -importcert -storepass changeit -alias test -file test.cer

However, this causes an error:

keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical

This suggests that the pair is already in cacerts without the need to export and import the key; however just generating the key pair doesn't work.

What am I doing wrong? My goal is to be able to run my server and client on localhost and have them communicate via SSL while only using the default system key and trust stores.

I am aware that I can create a local server key store and local client trust store file and then use them via JVM arguments like -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword, etc. I do not want to use this solution for two reasons. First, it doesn't mirror the commands I'll use when actually running the client once I'm finished. Second, it makes the run command overly verbose.
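An added shell example, not from the question or any answer to it, showing the keytool procedure described above with the two points that usually trip it up made explicit: the private key stays in its own keystore (keytool writes to ~/.keystore when no -keystore is given, not to cacerts), and only the exported certificate is imported into a copy of the JDK's cacerts. JSSE consults a jssecacerts file next to cacerts before cacerts itself, so installing that copy as $JAVA_HOME/lib/security/jssecacerts makes it the default trust store. The alias, work directory and the dev-only "changeit" password are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's code). Creates a self-signed key pair for
# localhost in a dedicated keystore and imports only its certificate as a
# trust anchor into a copy of the JDK's cacerts. Alias/paths are assumptions.
set -eu

STOREPASS=changeit          # JDK default cacerts password; development only
ALIAS=localhost-dev         # assumed alias

# Locate the running JDK's default trust store via the java.home property.
find_cacerts() {
    jh=$(java -XshowSettings:properties -version 2>&1 \
         | sed -n 's/^ *java\.home = //p')
    echo "$jh/lib/security/cacerts"
}

# $1 = work directory. Returns non-zero if any keytool step fails.
make_localhost_stores() {
    work="$1"; mkdir -p "$work"
    # Key pair + self-signed cert; SAN must name localhost for hostname checks.
    keytool -genkeypair -keystore "$work/server.p12" -storetype PKCS12 \
        -storepass "$STOREPASS" -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=localhost" \
        -ext "san=dns:localhost,ip:127.0.0.1"
    # Export the public certificate only; the private key never leaves server.p12.
    keytool -exportcert -keystore "$work/server.p12" -storepass "$STOREPASS" \
        -alias "$ALIAS" -rfc -file "$work/server.pem"
    # Import it as a trust anchor into a COPY of cacerts (to become jssecacerts).
    cp "$(find_cacerts)" "$work/jssecacerts"
    keytool -importcert -keystore "$work/jssecacerts" -storepass "$STOREPASS" \
        -alias "$ALIAS" -file "$work/server.pem" -noprompt
}

# Check: the trust store copy holds a trustedCertEntry (not a key) for the alias.
trust_entry_ok() {
    keytool -list -keystore "$1/jssecacerts" -storepass "$STOREPASS" \
        -alias "$ALIAS" | grep -q trustedCertEntry
}
```

The server side still needs its private key from server.p12 (for example via javax.net.ssl.keyStore or an explicitly built KeyManagerFactory); the default key manager has no key material unless a keystore is configured, which is why a trust anchor in cacerts alone does not complete the handshake.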
