Development Kit User's Guide

This chapter describes how to generate a certificate that can be used in SSL and HTTPS transactions.

---

SSL and HTTPS Certificates and Keys

An SSL implementation needs four algorithms, digital signature., key establishment, and bulk encryption, and message digest. The Java Card 3 platform implements the SSL key establishment algorithm through the use of the following set of certificates and keys as key = value pairs in system.config :

• ssl.serverIdentity - The CA certificate.
• ssl.selfIdentityAsServer - The server public certificate.
• ssl.selfIdentitySSLPrivateKeyMod - The server private key (mod).
• ssl.selfIdentitySSLPrivateKeyExp - The server private key (exp).
• ssl.selfIdentityAsClient -The client public certificate.

Custom implementations require that the developer generate corresponding custom certificates and keys. The certificates and keys are used by the Card Manager to verify the digital signature of WAR file.

1. Generate a server key and certificate signing request (csr):

openssl genrsa -out s.key 1024

openssl req -new -key s.key -out server.csr

2. Generate a CA key and self-signed certificate:

openssl genrsa -out ca.key 1024

openssl -req new -x509 -days 365 -key ca.key -out ca.crt

3. Sign the csr and create the certificate:

sign.sh server.csr

Development Kit User's Guide

May 2009

Copyright © 2009 Sun Microsystems, Inc. All rights reserved.