Enabling SSL for the Server

To enable SSL for a server, you need to set up the appropriate Java keystore and/or trust store files and then configure the server to use these keystores. If you want to authenticate the server so that clients know that they are connecting to the correct server, set up a keystore with the server's private key on the server. For example, the following command creates a keystore keystore.jks containing a generated private/public key pair.

keytool -genkeypair -alias certificatekey -keyalg RSA \ 
-validity 7 -keystore keystore.jks

If you want to authenticate clients, set up a trust store with trusted clients' public keys on the server. For more information, see "Connecting to a Server with SSL".

Once the keystore and/or trust store are set up, you should list them in the server configuration file. For example:


# Configure the keystore for SSL.
# Configure the trust store for SSL.