Question

I have a task to write a communicator with PKI. I'm thinking about an implementation (in Java) of X.509 certificates - I mean SSL/TLS to allow for data/message confidentiality, and message authentication codes for message integrity. I've read about all of this in some literature and it's all theoretical. I'm not sure if I'm thinking about it properly. Could anyone who understands the idea of PKI well give me any advice (for example, a website with a good explanation of implementing PKI)?


Solution

As ntoskrnl commented, this is hard to do exactly right, even by the experts.

Here is a basic high-level look at the PKI you will need for an SSL connection:

  • A CA root key and corresponding self-signed certificate.
  • An intermediate CA key and certificate signed by the CA root key (this is optional).
  • A server identity key and certificate signed by either the intermediate CA or the CA root.
  • A client identity key and certificate signed by some CA that the server trusts. For your academic work, you may want this CA to be the same as the one you created. The client identity is only needed if you want to have 2-way (mutual) SSL, where the server authenticates the client.

A web service running on something like Tomcat can be configured for SSL. On the server side, the identity would point to the server key certificate. For 2-way SSL, there would also be a list or keystore of trusted CA certs on the server. Unless a client's certificate was signed by one of those trusted CAs, the server would not allow the client to connect.

On the client side, you would also need a list or keystore of trusted CA certs, and the server's certificate would have to be signed by one of those CAs. The client ID key and certificate and trust keystore would be used by Java when establishing an SSL connection. If you search Stack Overflow, you should find plenty of Java SSL connection examples.

To create the PKI, OpenSSL is a good tool to use. Here is one helpful website:

https://pki-tutorial.readthedocs.org/en/latest/simple/index.html

For a key and its corresponding certificate, you first create a private key, then create a certificate signing request (CSR). The CSR is then signed by a CA key, and becomes a certificate. The certificate contains the public key that corresponds to the private key used to create the CSR.

For MAC, there's a Java example of HMAC here: HMAC-SHA1: How to do it properly in Java?
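
The key, CSR and signing steps described in the answer, as an added example that is not part of the original answer: it builds a throwaway root CA and a server certificate with OpenSSL, then checks the chain and the key pairing. The CA name, the `localhost` host name, the file names, the 30-day validity and the extension sections are assumptions chosen for illustration.

```shell
# Added example; CA name, host name and file names are constructed for illustration.
# Minimal OpenSSL config: one extension profile for the CA, one for the server.
PKI_CNF='[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost'

new_key() {  # $1 = output file; step 1 is always the private key
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    chmod 600 "$1"
}

build_pki() (  # $1 = working directory; subshell body keeps the cd local
    cd "$1" && printf '%s\n' "$PKI_CNF" > pki.cnf &&
    # Root CA: private key plus self-signed certificate.
    new_key ca.key &&
    openssl req -new -x509 -key ca.key -out ca.crt -days 30 -sha256 \
        -subj "/CN=Example Root CA" -config pki.cnf -extensions v3_ca &&
    # Server identity: private key, then a CSR carrying the matching public key.
    new_key server.key &&
    openssl req -new -key server.key -out server.csr -sha256 \
        -subj "/CN=localhost" -config pki.cnf &&
    # The CA key signs the CSR; the output is the server certificate.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out server.crt -days 30 -sha256 -extfile pki.cnf -extensions v3_server 2>/dev/null
)

chain_ok() {  # $1 = trusted CA cert, $2 = certificate to validate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() {  # $1 = certificate, $2 = private key; compares the public keys
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: d=$(mktemp -d) && build_pki "$d" && chain_ok "$d/ca.crt" "$d/server.crt"
```

A client identity for 2-way SSL follows the same three steps with its own key and a client extension profile; only `ca.crt` needs to be distributed to the side that verifies.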

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow