ssl https cer handshaking

Private keys in keystore. Which one is used while handshaking?


I am creating an adapter for working with a web service, using a proxy and an SSL connection, and I have one problem with understanding the handshaking mechanism. I will explain with one example.

My actions:

  1. Make the server. Create a private key with keytool. Create a .cer file for it.
  2. Make the client. Create the same for it.
  3. Exchange the .cer files with each other, and import the other side's certificate into each keystore.
  4. Create the connection. OK. Everything is OK.
  5. In the server's keystore I generate a new private key.

Question: which private key does the server use for handshaking?


Solution

  • The one that has a corresponding private key.

    Exporting a certificate to be used in the peer's trust store doesn't export the private key. So in fact there is only one to choose from: the one that corresponds to the certificate that was generated from it.
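
The distinction the answer draws can be checked on a real keystore. The following is an added example, not code from the original answer: it lists which aliases hold a private key and which are imported certificates only, and goes one step further by asking the default JSSE key manager which alias it would present as a server. The class name `HandshakeKeyCheck` is hypothetical, and the code assumes each key's password equals the keystore password.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class HandshakeKeyCheck {  // hypothetical name, not part of any library
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java HandshakeKeyCheck <keystore-file>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays out of the process list.
        char[] password = console.readPassword("Keystore password: ");
        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 from the file.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);

        // 1. Classify every alias: only PrivateKeyEntry aliases can authenticate this side.
        Set<String> keyAlgorithms = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                Certificate leaf = ks.getCertificate(alias);
                keyAlgorithms.add(leaf.getPublicKey().getAlgorithm());
                System.out.printf("%-16s private key + certificate (%s)%n",
                        alias, leaf.getPublicKey().getAlgorithm());
            } else if (ks.isCertificateEntry(alias)) {
                System.out.printf("%-16s imported certificate only, no private key%n", alias);
            }
        }

        // 2. Ask the default JSSE key manager which alias it would present as a server.
        // Assumption: each key's password equals the keystore password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String alg : keyAlgorithms) {
                String chosen = ((X509KeyManager) km).chooseServerAlias(alg, null, null);
                System.out.printf("server alias chosen for %s keys: %s%n", alg, chosen);
            }
        }
    }
}
```

Run it against the server keystore after step 5: the peer's imported certificate shows up as a certificate-only entry, and the last lines show which private key alias the key manager selects.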