Hi, I created a self-signed certificate with this tutorial, and I have a C# server that wants to communicate with an Android client, but I'm really confused. Which certificate should I use to make the keystore, the server certificate or the client certificate? How should it be done, and is there an example or easy tutorial anywhere on the Internet, and where is it?
Viewed 65 times
-1
-
If you need it for a server, look into this tutorial here https://jamielinux.com/docs/openssl-certificate-authority/introduction.html and I need to ask if you need this for CLIENT-CERT SSL AUTH. – EpicPandaForce Sep 02 '15 at 20:32
-
I have a C# server and need to trust it from the Android client – Hadi Sep 02 '15 at 21:02
-
Ah, so you just need a keystore for a TRUST STORE, and you don't need to provide a key factory. I unfortunately don't remember the exact "know-how" beyond that you need to place the certificate into a keystore using `keytool.exe` that's supplied with the JDK, and you need to specify the provider JAR to be bouncycastle, and the provider class to be the bouncycastle provider (fully qualified name), and the format to be BKS. I had this command ages ago, but I never saved it anywhere... -_- also, you should use SpongyCastle on Android instead of BouncyCastle. – EpicPandaForce Sep 02 '15 at 21:06
-
Oh, the internet says ( http://stackoverflow.com/questions/4065379/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-c ) you should use Portecle instead of Keytool because it is easier to manage: http://portecle.sourceforge.net/ but if you check the asker's text here: `For reference the following is the command that IS working to create a BKS truststore:` that is **exactly** what you need. – EpicPandaForce Sep 02 '15 at 21:13
-
Yes, but which certificate is useful for me, server or client (http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/)? I know how to use keytool or Portecle, but I don't know which certificate I must use – Hadi Sep 02 '15 at 21:22
-
You need to create a BKS keystore that contains the server's certificate, and then use this as a trust store in your android application for web requests. – EpicPandaForce Sep 03 '15 at 06:52
-
Thanks very much, but what do you mean by (use this as a trust store)? Do you mean the trust store must be trusted with keytool in the JAVA HOME directory? – Hadi Sep 03 '15 at 13:45
-
`sslContextBuilder.loadTrustMaterial(trustStore, trustStorePassword);` in your android code to trust only the server, duh. – EpicPandaForce Sep 03 '15 at 14:48
-
Thank you, you solved my issue :D – Hadi Sep 05 '15 at 09:33
-
Glad I could help :D – EpicPandaForce Sep 05 '15 at 09:39
1 Answer
0
You haven't stated what your certificate is for, which makes answering your question specifically impossible. However:
- The client truststore must contain the server certificate, or that of one of its signers.
- The server truststore must contain the client certificate, or that of one of its signers, if there are client certificates at all.

user207421
-
Yes, thanks, but which certificate must I use for the server (pfx or .cer), and for the Android client too? – Hadi Sep 02 '15 at 23:24
-
Suppose you ask that in the body of your question. Suppose you had asked it in the first place? **This is the first time you've mentioned `.pfx` or `.cer`.** – user207421 Sep 03 '15 at 02:52
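
The trust-store arrangement from the answer and comments above, as an added example that is not part of the original thread: it loads a BKS trust store holding the server's certificate and builds an `SSLContext` that trusts only that store. It uses the standard `javax.net.ssl` classes rather than the `sslContextBuilder` call quoted in the comments. The class name `PinnedTrust` and the file name `truststore.bks` are assumptions, and the `BKS` type is built into Android but needs the Bouncy Castle provider on a desktop JVM.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): trusts only the certificates in a BKS trust store. */
public final class PinnedTrust {

    /**
     * Loads the trust store and builds an SSLContext that trusts ONLY its entries.
     * bksStream: e.g. an app resource holding truststore.bks (assumed file name).
     */
    public static SSLContext fromBks(InputStream bksStream, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("BKS"); // default keystore type on Android
        trustStore.load(bksStream, password);

        // A trust store should hold public certificates only. A key entry means
        // a private key (for example an imported .pfx) is being shipped to clients.
        for (String alias : Collections.list(trustStore.aliases())) {
            if (trustStore.isKeyEntry(alias)) {
                throw new IllegalStateException("private key in trust store: " + alias);
            }
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("trust store is empty");
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server authentication only
        return ctx;
    }

    /** Opens an HTTPS connection whose certificate chain is checked against that store. */
    public static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn; // hostname verification stays at the platform default
    }
}
```

The key-entry check fails fast if the store was built from a file that carries the server's private key instead of only its public certificate.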