wood burning stoves 2.0*
The moose likes Security and the fly likes OpenSSL | 256 bit encryption Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "OpenSSL | 256 bit encryption" Watch "OpenSSL | 256 bit encryption" New topic

OpenSSL | 256 bit encryption

Sandy Saahil

Joined: Apr 06, 2006
Posts: 9
Hi Friends,

I am bit confused around generating self signed 256 bit encryption certificate. Kindly help. This is what I did

1) Created the private key with 256 bit AES encryption by using this command on openSSL
genrsa -aes256 -out C:\ssl\certificate\privkey.key 4096

2) Create the certificate using the key generated
req -new -x509 -config C:\ssl\openssl.cnf -key C:\ssl\certificate\privkey.key -out C:\ssl\certificate\newcert.pem -days 365

3) Exported certificate and key to P12 format
pkcs12 -config C:\ssl\openssl.cnf -export -in C:\ssl\certificate\newcert.pem -inkey C:\ssl\certificate\privkey.key -out C:\ssl\certificate\newcert.p12

4) Using java keytool, imported this P12 file to keystore
keytool -v -importkeystore -srckeystore C:\ssl\certificate\newcert.p12 -srcstoretype PKCS12 -destkeystore C:\ssl\moretry\sands.jks -deststoretype JKS

5) Configured JBoss server.xml to pick this keystore with correct keystorePass

Now when I try to access the localhost, I am able to see the screen with certificate but the encryption still show 128 bit encryption (attached). Kindly let me know if I am missing anything.


[Thumbnail for screenshot.PNG]

Keep Faith
Anish Nath

Joined: Sep 21, 2011
Posts: 23
wood burning stoves
subject: OpenSSL | 256 bit encryption
Similar Threads
[Update - Success] Adding SSL certificate to Server.xml
converting jks to p12 certificate
cant get ssl to work with tomcat
Tomcat SSL .Enabling Client authentication with tomcat
Queries on role of files .keystore and CAKey.pem while moving the site to https?