This section deals with Secure Socket Layer (SSL) tools . These tools help with management and storage of certificates and keys used in SSL.
Applicable in CAST Version
See the sections below for information on these tools:
- A Java keystore maintains keys and certificates in a secure manner in a repository.
- keytool is a Java utility that is part of the Java JDK which allows for performing tasks on a Java keystore.
- Basic operations are:
- listing contents (keytool -list)
- Example: keytool -list -keystore <keystore_path>
- importing certificates (keytool -import)
- Example for importing into root certificates - see documentation below for further information: keytool -import -trustcacerts -file <certificate_path> -alias <alias_name> -keystore <keystore_path>
- exporting certificates (keytool - export)
- Example: keytool -export -file <export_path> -alias <alias_name> -keystore <keystore_path>
- Deleting certificates (keytool -delete)
- Example: keytool -delete -alias <alias_name> -keystore <keystore_path>
- generating certificates (see documentation below to fully understand the options)
For further information, please see: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
- Openssl is a command line tool that generally needs to be compiled or added to an operation system
- Openssl is used in encryption
- It can be used to manipulate certificates and/or create certain kinds of certificates (for example to convert a *.crt file and private key into a *.pk7 certificate)
For further information, please see: https://www.openssl.org/docs/man3.0/man1/openssl.html