Introduction

There are three entities in our universe.  The "Test-CA" is the root Certificate Authority (CA).   He issues the certificates for the two end entities:  "Test-Client" (client) and "Test-Server" (server).

How the X509 Certificates were Generated Using the openssl command.

• Generating the CA's certificate.

> openssl req  -new -x509 -days 1095 -keyout ca.key -out cas.pem

Where "cas.pem" is the file name used to store the CA's x509 certificate, valid for about 3 years, and "ca.key" is file name for the CA's private key encrypted with the passphrase testing.

• Generating the client's key without encryption.

> openssl genrsa -out client.key 1024

Where "client.key" is the file name used to store  the client's key.

• Generating the client's certificate request.

> openssl req -key client.key -new -out client.req

Where "client.req" is the file name used to store  the client's certificate request.

• Have the Certificate Authority issue the certificate to the client.

> openssl x509 -req -in client.req -CA cas.pem -CAkey ca.key -CAserial \
file.srl -out client.pem -days 1095

Where "client.pem" is the file name used to store  the client's certificate x509 certificate.  The file.srl is a file that contains the serial number starting with "00".

• To view the certificate in ascii format.

> openssl x509 -in client.pem -text

• This file consists of the client's private key and its certificate chain. It is encrypted with the passphrse testing

> openssl pkcs12 -export -chain -CAfile cas.pem -out \
client.p12 -inkey client.key -in client.pem \
-name "Test Client"

• To view the P12 in ascii format.

> openssl pkcs12 -in client.p12 -info
• The steps above were repeated for the testServer.

To make sure that the p12 is generated correctly you can do the following:

(We use the defult DES encrypted key)

>openssl pkcs12 -in testClient.p12 -out testClientReadFromP12.pem

• 
  Compiling SSLServer and Client with Java1.3

  • SSLServer and Client are in Java 1.4. They both can work with Java 1.3 by changing some of the import statements. The following is an example statement needed to be changed to compile with Java 1.3:
  Compiling with Java 1.4:
  import javax.net.ssl.KeyManagerFactory;
  
  Compiling with Java 1.3:
  import com.sun.net.ssl.KeyManagerFactory;
  (This class can be found in "/usr/local/java/jsse/lib/jsse.jar".)
  
  Note: Java 1.4 SSL accepts pkcs12 files generated by openSSL. Java 1.3 SSL accepts pkcs12 files generated by Netscape, but not openSSL. To use Java 1.3 and pkcs12 files generated by openSSL, import the pkcs12 files into Netscape and export them out.
  
  Simple SSL Server and Client Example
  

  The source code consists of two java files TestServer.java and TestClient.java. After building them run make runServer to start the server and make runClient to run the client.