# Create the server and application client key stores and certificates
keytool -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -dname "CN=Server,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore server.jks
keytool -genkeypair -alias clientkey -keyalg RSA -keysize 2048 -dname "CN=Client,OU=Application Development,O=Home,L=Auckland,S=AK,C=NZ" -keypass 123456 -storepass 123456 -keystore client.jks
# Copy the client's public certificate to the server's keystore
keytool -exportcert -keystore d:\client.jks -storepass 123456 -file d:\client-public.cer -alias clientkey
keytool -importcert -keystore d:\server.jks -storepass 123456 -file d:\client-public.cer -alias clientcert -noprompt
# Take a peek at the server's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\server.jks -storepass 123456
# Copy the server's public certificate to the client's keystore
keytool -exportcert -keystore d:\server.jks -storepass 123456 -file d:\server-public.cer -alias serverkey
keytool -importcert -keystore d:\client.jks -storepass 123456 -file d:\server-public.cer -alias servercert -noprompt
# Take a peek at the client's keystore to make sure that the server's certificate is there
keytool -v -list -keystore d:\client.jks -storepass 123456
# Create a browser keystore most browsers can read easily
keytool -importkeystore -srckeystore d:\client.jks -srcstorepass 123456 -srcalias clientkey -destkeystore d:\client.p12 -deststoretype PKCS12 -deststorepass 123456 -destalias clientkey -noprompt
# Take a peek at the browser's keystore to make sure that the client's certificate is there
keytool -v -list -keystore d:\client.p12 -storetype pkcs12 -storepass 123456
keytool -importcert -trustcacerts -alias clientkey -keystore D:\sslkeys\client.jks -file D:\sslkeys\cacert.pem
By using the above commands I created client and server certificates.
In the application web.xml the following security constraint was given:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Task Services</web-resource-name>
        <url-pattern>/rest/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
In the Tomcat server.xml:
<Connector clientAuth="false" port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="D:/sslkeys/client.jks" keystoreType="JKS" keystorePass="123456"
           truststoreFile="D:/sslkeys/server.jks" truststoreType="JKS" truststorePass="123456"
           SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
           sslProtocol="SSL"
           allowUnsafeLegacyRenegotiation="true"
/>
I am getting https://..... while giving the request, but I am getting a socket error exception.
Please, somebody give me the solution.
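As an added example (not part of the question above, and not Tomcat's or the JDK's own code), the following standalone Java client performs the same mutual-TLS handshake the browser is expected to do against the 8443 connector, but reports the exact handshake failure instead of a generic socket error. It assumes the files and the password 123456 produced by the keytool steps: client.p12 as the client identity (clientkey) and client.jks as the trust store, since the import step placed the server's certificate in it as servercert. The URL and the paths are assumptions and can be passed on the command line.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class MutualTlsCheck {
    // Assumed paths and password, taken from the keytool commands in the question.
    static final String CLIENT_P12 = "D:/sslkeys/client.p12"; // client private key + certificate
    static final String TRUST_JKS  = "D:/sslkeys/client.jks"; // holds "servercert" after the import step
    static final char[] PASSWORD   = "123456".toCharArray();

    /** Builds an SSLContext that presents the client certificate and trusts only the imported server cert. */
    static SSLContext buildContext() throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(CLIENT_P12)) {
            identity.load(in, PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, PASSWORD);

        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(TRUST_JKS)) {
            trust.load(in, PASSWORD);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed default URL; the /rest/* pattern is the one protected in web.xml.
        String target = args.length > 0 ? args[0] : "https://localhost:8443/rest/";
        HttpsURLConnection conn = (HttpsURLConnection) new URL(target).openConnection();
        conn.setSSLSocketFactory(buildContext().getSocketFactory());
        conn.setRequestMethod("GET");
        try {
            int status = conn.getResponseCode();          // forces the TLS handshake
            X509Certificate serverCert = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("Cipher suite : " + conn.getCipherSuite());
            System.out.println("Server cert  : " + serverCert.getSubjectX500Principal());
            System.out.println("HTTP status  : " + status);
        } catch (SSLHandshakeException e) {
            // Trust or client-authentication problem: the message names the failing step.
            System.err.println("TLS handshake failed: " + e.getMessage());
        } catch (IOException e) {
            // Includes hostname verification failures and plain connection errors.
            System.err.println("Connection failed: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

Run it with `java MutualTlsCheck https://localhost:8443/rest/` while Tomcat is up. Two things to keep in mind when reading its output: a certificate issued to `CN=Server` will be rejected by the default hostname verifier when the request goes to `localhost`, because the subject or a subject alternative name has to match the host name the client connected to; and a handshake message mentioning the peer's certificate chain points at the trust store contents, whereas a message about the client being rejected points at the connector's client-authentication settings. Both checks are worth running before concluding that the problem is in web.xml.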