
Overview


When you go to your favorite bank’s website and log in to perform banking activities, how can you be sure you are logging into your bank’s official website? You can’t ask the website, as it could be a malicious website and would just lie to you. You need to ask a third party for verification. Your bank will have already arranged for this third party to hold a secret private key from an asymmetric private/public key pair. When you first connect to the bank’s website, the website gives you the public key from this pair along with information for contacting the third party. You will send this public key to the third party and, if the public key matches the private key they are holding for the bank’s website, they will verify the authenticity of the bank’s website to your web browser.


In the previous description, the third party is known as a certificate authority. The public key and certificate authority information are contained in a certificate file. The process to generate a certificate file using a certificate authority is not complex, but does require at least a valid domain name that you own. Some certificate authorities offer more services for additional costs. As a developer, you can avoid the expense and trouble of domain names and certificate authority interactions by generating a self-signed certificate that simulates the process of website-server verification.


Once you have generated a certificate, you can use it for authentication; for example, in HTTPS. In this assignment, you will explore how certificate authorities are used to enable HTTPS in the real world for production use. In Project Two, you will implement a self-signed certificate for HTTPS.


As a developer, it is valuable to learn how to use a variety of tools to generate certificates. In this assignment, you will generate a self-signed certificate for use in a secure communications environment.


Prompt



Certificate Authorities: Investigate and explain the role and value of the services provided by a certificate authority (CA). For example, Let's Encrypt is an open source CA that can be used. Specifically, address the following in regard to the role and services provided by CAs:



  • Why would you want to use a CA for security?

  • What are the advantages of using a CA?


Ideally, you would have a third-party vendor CA generate certificates for you, which requires costs for the domain. In this case, the cost of having a third-party vendor CA generate certificates may not be affordable or necessary. In this assignment, you will generate self-signed certificates, which makes you the CA. Acting as the CA and generating certificates using free tools is common practice when you are developing.


Certificate Generation: Use the Java KeyTool to generate a self-signed certificate. There is no additional installation needed if you have Java installed on your computer or through Eclipse, but you need to locate your Java home location to find the keytool.exe. Please note: You will generate certificates in Project Two and use the Java KeyTool through Eclipse.



  1. Begin by accessing the keystore by copying the command below. You must copy this text exactly and paste it into the Command Line. Be sure to revise the text where the word password appears with a unique and secure password. This will be your password for the entire exercise. You may refer to the Oracle Guidelines on the Key and Certificate Management Tool for additional guidance.


    keytool.exe -genkey -keyalg RSA -alias selfsigned -keypass password -keystore keystore.jks -storepass password -validity 360 -keysize 2048



    A command line screen with the following command entered: keytool.exe -genkey -keyalg RSA -alias selfsigned -keypass changeme -keystore keystore.jks -storepass changeme -validity 360 -keysize 2048. A series of questions with responses which are used to generate a 2,048-bit RSA key pair and self-signed certificate follow.



  1. Enter a secure password for the keystore (shown as password). You must copy this text exactly and paste it into the Command Line. Be sure to revise the text where the word password appears with a unique and secure password. This password will be used again shortly.



    keytool.exe -export -alias selfsigned -storepass password -file server.cer -keystore keystore.jks



    A command line screen with the following command entered: keytool.exe -export -alias selfsigned -storepass changeme -file server.cer -keystore keystore.jks  The returned line states, '



  1. Use a command to print out the CER file using Command Line.


    keytool.exe -printcert -file server.cer




  1. To demonstrate that the certificate was effectively generated, submit a screenshot of the print out of the certificate information found in the server.cer file created in the previous step. An example is shown below:


    A command line screen with the following command entered: keytool.exe -printcert -file server.cer This command prints the server.cer file. The details of the CER file which was printed include Owner, Issuer, Serial number, Dates valid, Certificate fingerprints, Signature algorithm name, Subject public key algorithm, Version number, and Extensions.



  1. Answer a series of questions with unique answers. You may use fictional information to fill in answers to the questions. You should submit a screenshot with the questions and answers to show that you have entered all the necessary field information as shown above.



  1. Lastly, you will be prompted to enter the same password as before for accessing the keystore to export the certificate to a CER file.



    keytool.exe -export -alias selfsigned -storepass changeme -file server.cer -keystore keystore.jks
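
The following Java program is an added example, not part of the original assignment. It checks the files produced by the keytool steps above: that server.cer is self-signed, is within its validity period, carries a 2,048-bit RSA key, and matches the entry stored under the selfsigned alias. The class name CheckSelfSigned and the KEYSTORE_PASS environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

public class CheckSelfSigned {
    public static void main(String[] args) throws Exception {
        // Assumptions: default file names and alias from the commands above; the
        // keystore password is read from a hypothetical KEYSTORE_PASS env variable.
        String cerPath = args.length > 0 ? args[0] : "server.cer";
        String ksPath = args.length > 1 ? args[1] : "keystore.jks";
        String pass = System.getenv("KEYSTORE_PASS");
        if (pass == null) throw new IllegalStateException("set KEYSTORE_PASS");

        X509Certificate cert;
        try (InputStream in = new FileInputStream(cerPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Self-signed: subject and issuer are the same name, and the signature
        // verifies under the certificate's own public key (no CA involved).
        boolean sameName = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        cert.verify(cert.getPublicKey());   // throws if the signature does not match
        cert.checkValidity();               // throws if outside the -validity window
        int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();

        // The exported file must be the certificate stored under the alias.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(ksPath)) {
            ks.load(in, pass.toCharArray());
        }
        boolean matchesStore = cert.equals(ks.getCertificate("selfsigned"));

        // SHA-256 fingerprint, to compare with the keytool -printcert output.
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            fp.append(String.format("%02X:", b));
        }
        fp.setLength(fp.length() - 1);

        System.out.println("Subject == Issuer: " + sameName);
        System.out.println("RSA modulus bits : " + bits);
        System.out.println("Matches keystore : " + matchesStore);
        System.out.println("SHA-256          : " + fp);
        if (!sameName || !matchesStore) System.exit(1);
    }
}
```

Run it from the directory that holds keystore.jks and server.cer. The printed fingerprint should equal the SHA-256 value shown by keytool.exe -printcert.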



Guidelines for Submission


Submit a Microsoft Word document that contains (1) a brief written component for discussing the use and value of utilizing certificate authorities, (2) a screenshot of the certificate information form filled out with all fields completed, and (3) a screenshot of the print out of the server.cer file to demonstrate that the certificate has been effectively generated.


Aditi answered on Jul 23 2022