Steps to create Keystores and Truststores to be used in Mutual SSL authentication

The term keystore is used in two different ways.
If the store holds a private key together with the public certificate signed by that key, and the pair is used to authenticate the owner to the connecting party, it is called a keystore.
If the store holds only the SSL certificates that the owner trusts, it is called a truststore.
A truststore never contains private keys.

I will be discussing the basic steps of creating PKCS12 truststores and keystores that can be used by a client and a server to authenticate via mutual SSL.

1. Create a keystore for the client

keytool -genkey -alias Client -keyalg RSA -keystore clientKeyStore.p12 -keysize 2048 -storeType PKCS12

2. Export the public cert of the client

keytool -export -keystore clientKeyStore.p12 -alias Client -file client.crt

3. Create a keystore for the server

keytool -genkey -alias Server -keyalg RSA -keystore serverKeyStore.p12 -keysize 2048 -storeType PKCS12

4. Export the public cert of the server

keytool -export -keystore serverKeyStore.p12 -alias Server -file server.crt

5. Create a truststore for the client

keytool -genkey -alias ClientTrust -keyalg RSA -keystore clientTrustStore.p12 -keysize 2048 -storeType PKCS12

6. Create a truststore for the server

keytool -genkey -alias ServerTrust -keyalg RSA -keystore serverTrustStore.p12 -keysize 2048 -storeType PKCS12

7. Import the client public cert into the server truststore

keytool -import -keystore serverTrustStore.p12 -alias Client -file <path-to-client.crt>

8. Import the server public cert into the client truststore

keytool -import -keystore clientTrustStore.p12 -alias Server -file <path-to-server.crt>

9. Delete the placeholder private key entry (created in step 6) from the server truststore, so that only the trusted certificate remains

keytool -delete -alias ServerTrust -keystore serverTrustStore.p12 -storepass <password>

10. Delete the placeholder private key entry (created in step 5) from the client truststore, so that only the trusted certificate remains

keytool -delete -alias ClientTrust -keystore clientTrustStore.p12 -storepass <password>
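As an added example (not the post's own commands): the ten steps above as one non-interactive shell script, followed by the two checks worth running before the stores are deployed, namely that no private key survived in either truststore and that each keystore still holds its private key. It assumes a JDK keytool on PATH; the password "changeit" and the -dname values are placeholders chosen for this demonstration.

```shell
# Added example, not from the original post: the ten steps above run
# non-interactively, then checks that each truststore holds only trusted
# certificates and each keystore its private key. Assumptions: a JDK keytool
# is on PATH; the password "changeit" and -dname values are placeholders.
set -eu

PASS="changeit"
WORK="${WORK:-$(mktemp -d)}"

build_stores() {
    cd "$WORK"
    # Steps 1-4: a key pair per side, then export each public certificate.
    for side in Client Server; do
        keytool -genkeypair -alias "$side" -keyalg RSA -keysize 2048 -storetype PKCS12 \
            -keystore "${side}KeyStore.p12" -storepass "$PASS" -keypass "$PASS" \
            -dname "CN=${side},O=Example" -validity 365
        keytool -exportcert -alias "$side" -keystore "${side}KeyStore.p12" \
            -storepass "$PASS" -file "${side}.crt"
    done
    # Steps 5-6: placeholder key pairs, only so that the truststore files exist.
    for side in Client Server; do
        keytool -genkeypair -alias "${side}Trust" -keyalg RSA -keysize 2048 -storetype PKCS12 \
            -keystore "${side}TrustStore.p12" -storepass "$PASS" -keypass "$PASS" \
            -dname "CN=${side}Trust,O=Example"
    done
    # Steps 7-8: each side imports the other's certificate; -noprompt answers the
    # "Trust this certificate?" question that an interactive import would ask.
    keytool -importcert -noprompt -alias Client -file Client.crt \
        -keystore ServerTrustStore.p12 -storepass "$PASS"
    keytool -importcert -noprompt -alias Server -file Server.crt \
        -keystore ClientTrustStore.p12 -storepass "$PASS"
    # Steps 9-10: drop the placeholder private keys from both truststores.
    keytool -delete -alias ServerTrust -keystore ServerTrustStore.p12 -storepass "$PASS"
    keytool -delete -alias ClientTrust -keystore ClientTrustStore.p12 -storepass "$PASS"
}

# Succeeds only if store $1 has no PrivateKeyEntry at all and a trustedCertEntry
# under alias $2 (keytool lowercases aliases, hence the case-insensitive match).
check_truststore() {
    listing=$(keytool -list -keystore "$1" -storepass "$PASS")
    if echo "$listing" | grep -q "PrivateKeyEntry"; then return 1; fi
    echo "$listing" | grep -qi "^$2,.*trustedCertEntry"
}

# Succeeds only if store $1 has a PrivateKeyEntry under alias $2.
check_keystore() {
    keytool -list -keystore "$1" -storepass "$PASS" | grep -qi "^$2,.*PrivateKeyEntry"
}
```

Run `build_stores` and then the two checks against the four stores in `$WORK`; a failing `check_truststore` means a placeholder key is still present and the file must not be shipped as a truststore.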

Associate Technical Lead @ WSO2