==================================== README.TXT 12/06/2018 ==================================== This folder contains some successful SSL dabbles. The Raspberry Pi version work back to back to the Pi. When Certificates need to be swapped and installed - Windows 10 to Raspberry Pi not working. When keystare is generated and copied to other machines Server on pi can be reached by PC and Pi. There are lots of examples and loads of questions on the Web about SSL. This dabble captures this in java files, batch and shell scripts. On PC:- doKey.bat - generate a certificate doSSLserver.bat - build java and run it doSSLclient.bat - build java and run it On pi: bash doC.sh doBuild.sh - builds classes from java file doCert.sh - generated certificate and puts them in examplestore doS.sh - runs server - start 1st doC.sh - runs client - start 2nd This works back to back Windows 10 Java JDK 1.8.0_172 ============================ Setting up:- ============================ You may need to adjust these: rem path = %path% ;C:\Program Files\Java\jdk1.8.0_66\bin\ path = %path%;C:\Program Files\Java\jdk1.8.0_172\bin On PC:- doKey.bat - generate a certificate On pi: bash doC.sh bash doBuild.sh - builds calsses from java file bash doCert.sh - generated certificate and puts them in examplestore ============================ CommandLine Parameters:- ============================ These -D need to be between JAVA and the SSLSimpleClient -Djavax.net.ssl.trustStore=/home/pi/Desktop/examplestore -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=/home/pi/Desktop/examplestore -Djavax.net.ssl.keyStorePassword=password -Djdk.tls.client.protocols="TLSv1.2" -Djavax.net.debug=all e.g. java -Djavax.net.ssl.keyStore=examplestore -Djavax.net.ssl.keyStorePassword=password SSLSimpleServer 3000 java -Djavax.net.ssl.trustStore=examplestore -Djavax.net.ssl.trustStorePassword=password SSLSimpleClient localhost 3000 *** SERVER *** java -Djavax.net.ssl.keyStore=/home/pi/Desktop/examplestore -Djavax.net.ssl.keyStorePassword=password -Djdk.tls.client.protocols="TLSv1.2" -Djavax.net.debug=all SSLSimpleServer 3000 *** CLIENT *** java -Djavax.net.ssl.trustStore=/home/pi/Desktop/examplestore -Djavax.net.ssl.trustStorePassword=password -Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1.2" SSLSimpleClient localhost 3000 ====================================== Test senarios ====================================== I used doKey.bat on PC and doCert.sh on raspberry Pi to generate certificates. There ia no common certificate. senario 1 - get Client server running back to back on PC - working senario 2 - get Client server running back to back on PC - working senario 3 - get server running on Pi and client on PC - not working - no certificte senario 4 - get server running on Pc and client on PC - not working - unexpected message ====================================== senario 5 - Generate a certificate and export it, import it on PC and Pi - not working rem generate key to run on PC and Pi, using password: password cd C:\users\doug\mycerts keytool -genkey -alias signFilesonPCandPi -keystore examplestore keytool -export -alias signFiles -storepass password -file serverPC.cer -keystore examplestore ftp C:\users\doug\mycerts\serverPCPI.cer onto Pi. Install on Pi using keytool -import -v -alias signFiles -file server.cer -keystore examplestore -keypass password -trustcacerts On the Pi below works in separate windows:- bash doCert.sh bash doS.sh bash doC.sh On PC below works:- doKey.bat doSSLserver.bat doSSLclient.bat ====================================== senario 6 - Generate a certificate on PI 192.168.1.88 and copy examplestore to PC and other pi. - works Should really export certificates and import 192.168.1.88 bash doS.sh run server - works 192.168.1.81 bash doCr.sh run Client and connect to server - works 192.168.1.90 bash doCr.sh run Client and connect to server - works