Create A Secure Data Transfer Environment Step By Step - Siemens Java TC65 User Manual

Java user's guide

TC65 JAVA User's Guide
Strictly confidential / Released
11.1.1 Create a Secure Data Transfer Environment Step by Step

The following steps describe the creation of the configuration:
• Java Security Mode is activated (see 11.2.1 Change to Secured Mode)
• Certificate verification is activated for a data connection (HTTPS or SecureConnection)

The steps described below use the cygwin + openssl environment (for installation see http://www.cygwin.com/, the openssl documentation can be found here http://www.openssl.org/docs/apps/openssl.html)

1. Create CA and generate CA Root Certificate
- We need certificates with sha1 signature. Java Security supports a sha1 signature of the certificate only. Add the parameter "-sha1" to the command "Making CA certificate ..." in the section of file CA.pl (cygwin location "\cygwin\usr\ssl\misc")
- create a shell (use location \cygwin\usr\ssl\misc)
- execute commands
  >perl CA.pl -newca
- convert file format from PEM to DER
  CA certificate cacert.pem
  >openssl x509 -in ./demoCA/cacert.pem -inform PEM -out ./demoCA/cacert.der -outform DER
  CA private key file cakey.pem
  >openssl pkcs8 -in ./demoCA/private/cakey.pem -inform PEM -out ./demoCA/private/cakey.der -outform DER -nocrypt -topk8

2. Create server certificate and java keystore
- execute command
  >keytool -genkey -alias server -keypass keypass -keystore customer.ks -storepass keystorepass -sigalg SHA1withRSA -keyalg RSA
  the field "name" of the certificate is the domain name or the IP address of the server

3. Create certificate request for server certificate
- execute command
  >keytool -certreq -alias server -file server.csr -keypass keypass -keystore customer.ks -storepass keystorepass

4. Sign certificate request by CA
- execute command
  >openssl ca -in server.csr -out server.pem
- convert file format from PEM to DER
  >openssl x509 -in server.pem -inform PEM -out server.der -outform DER

5. Import CA root certificate and CA private key into java keystore
- Use the CA Root Certificate for the creation of Java Security Command (see chapter 11.5.3)
- execute command
  >java -jar setprivatekey.jar -alias dummyca -storepass keystorepass -keystore customer.ks -keypass cakeypass

TC65 JAVA User's Guide_V05, 26.09.2005
