4.3 SSL Handshaking – Sun Microsystems 5.1.1 User Manual
Page 33

Chapter 4: Operating SSL
Section 4.3: SSL Handshaking
HTTPS eWay Adapter User’s Guide
Sun Microsystems, Inc.
<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config\cacerts.jks
where <c:\JavaCAPS> is the directory where the Sun Java Composite Application
Platform Suite is installed and <MyDomain> is the name of your domain. The primary
tool used is keytool, but openssl is also used as a reference for generating pkcs12
KeyStores.
Notice that in the previous section, steps 2 and 3 were used to import two CAs into the
TrustStore created in step 1. For example, suppose you have a trusted certificate file
named: C:\trustedcerts\foo.cert and want to import it to the trustedcacertsjks
TrustStore.
If you are importing certificates into an existing TrustStore, use:
keytool -import -file C:\cacerts\secondCA.cert -alias secondCA
-keystore trustedcacertsjks
Once you are finished, trustedcacertsjks can be used as the TrustStore for the eWay.
4.3 SSL Handshaking
There are two options available for setting up SSL connectivity with a Web server:
Server-side Authentication: The majority of eCommerce Web sites on the Internet
are configured for server-side authentication. The eWay requests a certificate from
the Web server and authenticates the Web server by verifying that the certificate can
be trusted. Essentially, the eWay performs this operation by looking into its
TrustStore for a CA certificate with a public key that can validate the signature on
the certificate received from the Web server. This option is illustrated in Figure 9.
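The TrustStore lookup described above, as an added Java example (not code from the Sun guide or from the eWay): it searches a JKS TrustStore such as trustedcacertsjks for a CA certificate whose public key validates the signature on a server certificate read from a file. The class name, the TRUSTSTORE_PASSWORD environment variable and the argument layout are assumptions, and the check covers only a certificate issued directly by a CA in the TrustStore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {   // hypothetical class name
    // Returns the alias of the trusted CA whose public key validates the
    // signature on cert, or null if no TrustStore entry does.
    static String findSigningCa(KeyStore trustStore, X509Certificate cert) throws Exception {
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.isCertificateEntry(alias)) continue;      // skip private-key entries
            Certificate entry = trustStore.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) entry;
            // Cheap name comparison first; the signature check below is what counts.
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                ca.checkValidity();              // CA certificate must be within its validity period
                cert.verify(ca.getPublicKey());  // throws if the signature does not validate
                return alias;
            } catch (GeneralSecurityException e) {
                // Same subject name but expired CA or wrong key: keep searching.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("TRUSTSTORE_PASSWORD");   // assumed variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: TRUSTSTORE_PASSWORD=... java TrustStoreCheck <truststore> <server-cert>");
            System.exit(2);
        }
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, pass.toCharArray());   // password enables the store integrity check
        }
        X509Certificate serverCert;
        try (InputStream in = new FileInputStream(args[1])) {
            serverCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        serverCert.checkValidity();   // reject an expired or not-yet-valid server certificate
        String alias = findSigningCa(trustStore, serverCert);
        System.out.println(alias != null ? "TRUSTED: validated by CA alias " + alias
                                         : "UNTRUSTED: no CA in the TrustStore validates this certificate");
        System.exit(alias != null ? 0 : 1);
    }
}
```

A full TLS client check additionally builds chains through intermediate CAs and matches the certificate to the host name, neither of which this lookup does.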