This module contains articles about X.509 authentication with Spring Security
Relevant Articles: X.509 Authentication in Spring Security https://www.baeldung.com/x-509-authentication-in-spring-security
You can follow the article step by step and generate all the needed files yourself. The certificates can be created with the commands below:
openssl path = "D:\softwares\openssl-0.9.8k_X64\bin\openssl.exe"
openssl req -x509 -config "D:\softwares\openssl-0.9.8k_X64\openssl.cnf" -sha256 -days 3650 -newkey rsa:4096 -keyout rootCA.key -out rootCA.crt (enter CN as "sr.com")
openssl req -config "D:\softwares\openssl-0.9.8k_X64\openssl.cnf" -new -newkey rsa:4096 -keyout localhost.key -out localhost.csr
openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in localhost.csr -out localhost.crt -days 365 -CAcreateserial -extfile localhost.ext
openssl pkcs12 -export -out localhost.p12 -name "localhost" -inkey localhost.key -in localhost.crt
(enter pass phrase for localhost.key and set export password)
keytool -importkeystore -srckeystore localhost.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS (set the destination keystore password, then enter the source keystore password, i.e. the export password set for localhost.p12)
keytool -import -trustcacerts -noprompt -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file rootCA.crt -keystore truststore.jks (set keystore password)
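openssl req -config "D:\softwares\openssl-0.9.8k_X64\openssl.cnf" -new -newkey rsa:4096 -nodes -keyout clientBob.key -out clientBob.csr (Important: give the CN as "Bob". Because of -nodes, clientBob.key is written without a pass phrase, so keep that file access-restricted.)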
openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in clientBob.csr -out clientBob.crt -days 365 -CAcreateserial
openssl pkcs12 -export -out clientBob.p12 -name "clientBob" -inkey clientBob.key -in clientBob.crt