The bash script included in this directory helps generate a keystore and a truststore for the server.
Usage
On Linux or Mac machines, use JAVA_HOME=<path-to-your_JAVA_HOME> bash generate-keys-and-certs-one-way-tls.sh
On Windows machines, the keytool commands in the shell script are similar but require modification for the Windows OS.
Steps followed in generating the keys:
Step 1: A keystore 'server.keystore' is generated, which holds the private key, the public key and a self-signed certificate.
Step 2: Export only the certificate from the keystore generated in step 1.
Step 3: Generate a truststore 'server.truststore' which holds the certificate from step 2. A truststore is also a type of keystore.
Keytool
This example uses a tool called keytool, which is bundled with Java distribution packages such as OpenJDK.
Truststore
The truststore may be required if you do not want to use the default Java truststore, which is a file called cacerts located in your Java installation.
Subject Alternative Name
The SAN (Subject Alternative Name) used in the script can be removed if CN is changed to localhost. A SAN is required to provide IP addresses or DNS names when two or more Java applications residing on different hosts want to talk to each other. If a SAN is specified, it takes precedence over the value specified in CN. If no SAN is specified, CN should match the host name of the server.
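The three steps listed under "Steps followed" and the SAN handling described above, written out as keytool commands. This is an added example, not the directory's generate-keys-and-certs-one-way-tls.sh; the alias, key parameters, PKCS12 store type, the server.cer file name and the STORE_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example. Alias, key size, validity, store type, server.cer and the
# STORE_PASS variable are assumptions, not values from the directory's script.
KEYTOOL="${JAVA_HOME:+$JAVA_HOME/bin/}keytool"

# Build the keytool -ext value: IPv4 literals become ip:, everything else dns:.
san_ext() {
  san=""
  for entry in "$@"; do
    case $entry in
      *[!0-9.]*) kind=dns ;;
      *) kind=ip ;;
    esac
    san="${san:+$san,}$kind:$entry"
  done
  printf 'SAN=%s' "$san"
}

# generate_one_way_tls <dir> <cn> <san-entry>...
# The password is read from the exported STORE_PASS variable, not from argv.
generate_one_way_tls() {
  dir=$1 cn=$2; shift 2
  [ -n "${STORE_PASS:-}" ] || { echo "export STORE_PASS first" >&2; return 1; }
  # Step 1: key pair plus self-signed certificate in server.keystore
  "$KEYTOOL" -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$cn" -ext "$(san_ext "$@")" -storetype PKCS12 \
    -keystore "$dir/server.keystore" -storepass:env STORE_PASS || return 1
  # Step 2: export only the certificate; the private key stays in the keystore
  "$KEYTOOL" -exportcert -alias server -rfc -file "$dir/server.cer" \
    -keystore "$dir/server.keystore" -storepass:env STORE_PASS || return 1
  # Step 3: import that certificate as a trusted entry in server.truststore
  "$KEYTOOL" -importcert -noprompt -alias server -file "$dir/server.cer" \
    -storetype PKCS12 -keystore "$dir/server.truststore" \
    -storepass:env STORE_PASS || return 1
}

# Succeeds only if the keystore holds a private key and the truststore holds
# a trusted certificate and no private key.
verify_stores() {
  "$KEYTOOL" -list -keystore "$1/server.keystore" -storepass:env STORE_PASS |
    grep -q PrivateKeyEntry || return 1
  "$KEYTOOL" -list -keystore "$1/server.truststore" -storepass:env STORE_PASS |
    grep -q trustedCertEntry || return 1
  ! "$KEYTOOL" -list -keystore "$1/server.truststore" -storepass:env STORE_PASS |
    grep -q PrivateKeyEntry
}
# Usage: generate_one_way_tls . localhost localhost 127.0.0.1 && verify_stores .
```

Only server.truststore and server.cer are meant to be handed to clients; server.keystore contains the private key and stays on the server.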
Servers
There are several open source servlet servers with which you can use these keystores and enable HTTPS. The most common one is Tomcat. Other popular ones include Jetty, JBoss and Undertow, to name a few.
Microservice-oriented frameworks like Spring Boot, which internally use popular servers, can also be used to test TLS.
A servlet-based application must be hosted in the server in order to test HTTPS.