I am creating an adapter for working with a web service, using a proxy and an SSL connection, and I have one problem with understanding the handshaking mechanism. I will explain with one example.
My actions:
- Make server. Create private key with keytool. Create .cer file for it.
- Make client. Create same for him.
- Exchange .cer with each other, import in keystores other side's certificate.
- Create connection. Ok. Everything is ok.
- In server's keystore I generate a new private key.

Question: which pr_key does the server use for handshaking?

The one that has a corresponding private key.
Exporting a certificate to be used in the peer's trust store doesn't export the private key. So in fact there is only one to choose from: the one that corresponds to the certificate that was generated from it.
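
The steps from the question replayed with keytool, as an added example that is not part of the original question or answer: an imported .cer shows up as a trustedCertEntry with no private key, and only generated key pairs are PrivateKeyEntry entries. Aliases, DNs, file names and the password are constructed sample values.

```shell
#!/bin/sh
# Added demo. Aliases, DNs and the password are constructed sample values.
PASS=changeit

# kt CMD STORE [ARGS...]: run keytool on a PKCS12 store without prompting.
kt() {
    cmd=$1; store=$2; shift 2
    keytool "$cmd" -keystore "$store" -storetype PKCS12 \
        -storepass "$PASS" "$@" </dev/null
}

# genkey STORE ALIAS: new key pair with a self-signed certificate.
genkey() {
    kt -genkeypair "$1" -alias "$2" -keyalg RSA -keysize 2048 -validity 30 \
        -keypass "$PASS" -dname "CN=$2.example.test" >/dev/null 2>&1
}

# swap_cert FROM TO ALIAS: export ALIAS's certificate from FROM, import into TO.
# Only the certificate travels; the private key never leaves FROM.
swap_cert() {
    kt -exportcert "$1" -alias "$3" -file "$1.$3.cer" >/dev/null 2>&1 &&
    kt -importcert "$2" -alias "$3" -file "$1.$3.cer" -noprompt >/dev/null 2>&1
}

# count_type STORE TYPE: entries of TYPE (PrivateKeyEntry or trustedCertEntry).
count_type() {
    kt -list "$1" 2>/dev/null | grep -c "$2" || true
}

# build_stores DIR: replay the steps from the question inside DIR.
build_stores() {
    genkey "$1/server.p12" server &&                      # server key
    genkey "$1/client.p12" client &&                      # client key
    swap_cert "$1/server.p12" "$1/client.p12" server &&   # exchange .cer files
    swap_cert "$1/client.p12" "$1/server.p12" client &&
    genkey "$1/server.p12" server2                        # second server key
}

# Usage: sh keystore-demo.sh run
if [ "${1:-}" = run ]; then
    dir=$(mktemp -d) && build_stores "$dir" || exit 1
    for s in server client; do
        echo "$s: $(count_type "$dir/$s.p12" PrivateKeyEntry) private-key," \
             "$(count_type "$dir/$s.p12" trustedCertEntry) trusted-cert entries"
    done
    rm -rf "$dir"
fi
```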