-Djavax.net.ssl.trustStore is to declare the keystore file which trusts the certificate of the remote site. It guarantee that the remote server is the server it claims to be.
-Djavax.net.ssl.keyStore is to provide the private key to encrypt the data which is sent to server. It guarantee that the client is the client it claims to be.
A keystore file can save both private key or trusted certificate (public key).
private key –> encryption
public key –> decryption
If JVM see the argument -Djavax.net.ssl.keyStore, JVM only cares the private keys saved in that keystore file.
If -Djavax.net.ssl.trustStore, JVM only cares the certificates saved in the keystore file.
If you are creating a java client to connect a HTTPS server, you should use -Djavax.net.ssl.trustStore.
If dual authentication is required, you need use both.
The command line argument for trust keystore password is -Djavax.net.ssl.trustStorePassword
For example
java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=123456 MyApp-Djavax.net.ssl.trustStorePassword is the password argument for -Djavax.net.ssl.keyStore
No comments:
Post a Comment