Scribd Logo
Upload

Welcome to Scribd!

  • One-way and two-way TLS

    Uploaded by

    maheshreddy042619
    3 views2 pages
    One-way and two-way TLS stepas

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    One-way and two-way TLS stepas

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views2 pages

    One-way and two-way TLS

    Uploaded by

    maheshreddy042619
    One-way and two-way TLS stepas

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    #####ONE WAY TLS#####

    Clients will send Hello and request for the resources on the secure HTTPS protocol.
    The server will respond with its public certificate (.crt) and send Hello.
    The client will verify the server public certificate in its truststore.
    The client sends back symmetric session key generated using the server public
    certificate.
    The server will decrypt the symmetric session key using its private certificate and
    send back the encrypted session key to the client for establishing a secure
    connection.

    1. Create Server Keystore


    keytool -genkey -alias mule-server -keyalg RSA -keystore server-keystore.jks

    2. Extract public key and certificate from server keystore


    keytool -export -alias mule-server -keystore server-keystore.jks -file server-
    trust.crt

    3. Add the server certificate to Client Truststore


    keytool -import -alias mule-server -keystore client-truststore.jks -file
    server-trust.crt

    /serer-app/src/main/resources/certs/server-keystore.jks

    #####TWO WAY TLS#####


    Clients will send Hello and request for the resources on the secure HTTPS protocol.
    The server will respond with its public certificate (.crt) and send Hello.
    The client will verify the server public certificate in its truststore.
    The client sends back symmetric session key generated using the server public
    certificate.
    The server will decrypt the symmetric session key using the server private
    certificate and request for the client certificate.
    The client will send its public certificate to the server and the server will
    verify the client public certificate in the server truststore.
    The server will generate a session key and encrypt using the client public
    certificate and send it to the client.
    The client will decrypt the session key using client private certificate and this
    way the key exchange between client and server. It will establish secure
    communication between client and server.

    1. Create Server Keystore


    keytool -genkey -alias mule-server -keysize 2048 -keyalg RSA -keystore
    C:/Certificates/server-keystore.jks

    2. Extract public key and certificate from server keystore


    keytool -export -alias mule-server -keystore C:/Certificates/server-
    keystore.jks -file C:/Certificates/server_public.crt

    3. Add the server certificate to Client Truststore


    keytool -import -alias mule-client-public -keystore C:/Certificates/client-
    truststore.jks -file C:/Certificates/server_public.crt

    4. Generate Client Keystore


    keytool -genkey -alias mule-client -keysize 2048 -keyalg RSA -keystore
    C:/Certificates/client-keystore.jks

    5. Extract public key and certificate from client keystore


    keytool -export -alias mule-client -keystore C:/Certificates/client-
    keystore.jks -file C:/Certificates/client_public.crt

    6. Add the server certificate to Server Truststore


    keytool -import -alias mule-server-public -keystore C:/Certificates/server-
    truststore.jks -file C:/Certificates/client_public.crt

    You might also like