Skip to content
/ keytool-local-trust Public

A Makefile recipe to wip up an https ready Java keystore and truststore

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tomjkidd/keytool-local-trust

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
scripts
scripts
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Keytool Local Trust

A Makefile recipe to wip up an https ready Java keystore and truststore

Usage

Make sure the Java keytool command-line tool is available on your path

This repo provides a Makefile that goes through the complete set of steps necessary to produce a PKCS12 keystore and truststore capable of being used to get local https working right away.

Just run make

make

This should produce a bunch of files, so lets talk about the mental model...

Mental model

  • The 'root' keystore serves as a mini Certificate Authority (CA)
  • The 'server' keystore and truststore serve as the Java keystore and truststore, respectively, to use for a webserver
  • The goal is to create a CA Root Certificate and a server Certificate, signed by that CA (both managed as PEM files).

Once we have the certificates, we can:

  • Load the server private key and server certificate into the keystore to allow the server to serve requests
  • Load the root and server certificates into the truststore so the server will trust them
  • Load the root and server certificates into our system keychain (OSX) so client software (Google Chrome) will trust them

Now, let's look at the files created previously by running make

tree
.
├── Makefile
├── README.md
├── keystore.jks
├── root.jks
├── root.pem
├── server.crt
├── server.csr
├── server.pem
└── truststore.jks

0 directories, 9 files
  • Makefile: The makefile, take a look at the targets!
  • README.md: This file
  • keystore.jks: The default server keystore, with the server private key and signed certificate. Ready to use with a Java app.
  • root.jks: The default root keystore, with the root private key
  • root.pem: The root certificate, to be installed for trust chain
  • server.crt: The server certificate, signed by the root.jks
  • server.csr: The server certificate signing request, presented to root.jks to sign
  • server.pem: The signed server certificate, to be installed for trust chain
  • truststore.jks: The default server truststore, with the signed server certificate and the root certificate. Ready to use with a Java app.

Run clean to remove all the files

make clean

OSX make targets

I use OSX for most of my development, so there are some make targets sprinkled in that can help you add and remove the root/server PEM to your OSX keychain, but these aren't run implicitly.

About

A Makefile recipe to wip up an https ready Java keystore and truststore

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages