I want to establish a client-server communication using the TLS protocol. The point is I don't understand a few things, since I don't know much about security. I have created certificates for my server and a certificate for a specific client. First of all, do I have to create a certificate for any other new client? Second, in some examples on the web I have found code that uses a keystore. Do I need keys even though I have certificates? Thank you very much.
1 Answer
Certificates are used to prove the authenticity of a given computer. TLS is just used to encrypt the data.
If you want to prove the authenticity of the server (which you want to, at least in most cases), then create and use a certificate for the server; this requires that each client connecting to the server should somehow be able to verify the certificate of the server.
If you want to verify the authenticity of each of the clients, then you need to create a unique certificate for each client and then verify the certificates of each client in the server.
A keystore is just a list of certificates that are used to verify a given certificate. For instance, a client will use a keystore to verify the certificate of the server.
This thread explains how the certificates are verified.
- Thank you! That means that I need to use keystores in my code along with certificates? – elli Oct 25 '15 at 15:23
- Yes, you have to. Note that operating systems like Windows also maintain a keystore which could be used. I'm not a Java expert, so I do not know the details of how to implement a keystore for Java, or if Java can utilize the keystore in the OS. But this might help - http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html. – JOW Oct 26 '15 at 09:45
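Putting the answer's two points into Java, as an added example that is not code from the question or the answer: in Java's terms, the file holding your own private key and certificate is usually called the keystore, and the file holding the certificates you trust is the truststore; both are loaded through the `KeyStore` class linked in the comment above. The file names, port and password below are assumed placeholders.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;

// Assumed file names: server.p12 / client.p12 hold each side's own private key and
// certificate; server-trust.p12 / client-trust.p12 hold only the certificates that
// side trusts (the CA that signed the client certs, and the server's CA respectively).
public final class MutualTlsExample {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // KeyManager = who we are (private key + cert); TrustManager = whose certs we accept.
    static SSLContext context(String identityPath, String trustPath, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(identityPath, pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // placeholder password
        SSLContext serverCtx = context("server.p12", "server-trust.p12", pw);
        SSLServerSocket server = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(8443);
        server.setNeedClientAuth(true); // mutual TLS: a client without a trusted certificate is rejected
        new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake(); // fails here if the client cert is not signed by a trusted CA
                System.out.println("Client presented: " + s.getSession().getPeerPrincipal());
            } catch (Exception e) { e.printStackTrace(); }
        }).start();
        SSLContext clientCtx = context("client.p12", "client-trust.p12", pw);
        try (SSLSocket socket = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", 8443)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the name in the server cert
            socket.setSSLParameters(params);
            socket.startHandshake(); // fails here if the server cert is not trusted or its name mismatches
            System.out.println("Server presented: " + socket.getSession().getPeerPrincipal());
        }
    }
}
```

Each new client needs its own key pair and a certificate signed by the CA in `server-trust.p12`; the server itself is not changed when a client is added, only the CA issues a new certificate.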