I need a clarity for two-way SSL, if I Create Client self-sign certificate, using OpenSSL then save it in Pkcs12 file and Server self-sign certificate using Java keytool then save it in Jks file. Can both certificate work for two-way SSL? Which TLS version openssl used?
Asked
Active
Viewed 324 times
1 Answers
1
The structure of a certificate is a standard and independent of a specific tool. This means it does not matter what tool is used to create certificates as long as it creates proper certificates. Also, the TLS protocol version used inside a connection has nothing to do with the certificate used for the connection and what tool was used to create the certificate.
Steffen Ullrich
- 114,247
- 10
- 131
- 172
-
it means the certificate stored in pkcs12 file and jks file are both in same format? no difference in formatting, storing? – Muhammad Hassan Feb 20 '19 at 06:57
-
No, it means the actual certificates once retrieved are in the same format. PKCS#12 and JKS are different formats for certificate *containers.* – user207421 Feb 20 '19 at 07:23
-
@MuhammadHassan: A certificate itself is a binary structure but it can be stored in various encodings or containers, i.e. PEM, JKS, PKCS#12.... But these are all different representations of the same thing. On the wire during the TLS handshake there is a single format and TLS stacks know how to retrieve the certificate from the various encodings and containers and use it within the TLS handshake. – Steffen Ullrich Feb 20 '19 at 07:23
-
@SteffenUllrich: Thanks for details. – Muhammad Hassan Feb 20 '19 at 07:34