This is an old question--probably resolved by now. But I wish the (obvious) answer had been posted. Would have saved me a bit of digging.
So...the straightforward way to get the NIST tls example to work is either
(A) Follow their README.txt instructions exactly (NOT RECOMMENDED):
1. Extract self-signed cert from test keystore:
keytool -export -file testCert.der -keystore testKeyStore (the password is testPass)
2. Import it into the JVM store (this is the NOT RECOMMENDED part):
keytool -import -file testCert.der -keystore <jre path>/lib/security/cacerts (default password is "changeit")
NOT RECOMMENDED because now by default, your JVM will always trust ANY program that presents you with this (insecure) test certificate.
(B) The simpler and safer approach is to tell the client to use the testKeyStore as its trustStore (not keyStore), instead of the default cacerts file. (I don't know why the nist-sip developers didn't just do this in their makefile for the tls example code!)
If you're running the sample code from the makefile, for the CLIENT target (shootist), change the JVM parameters:
This is all that is required to run the example.
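
An added check, not part of the post above or of the NIST sample code: this Java program reports whether a certificate from testKeyStore has ended up among the JVM's default trust anchors, which is the state option (A) leaves behind. The class name and the default arguments are assumptions; run it without javax.net.ssl.trustStore set so that the JVM's own cacerts is what gets inspected.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TestCertAudit {   // hypothetical class name
    // Certificates held in a keystore (key entries and trusted-cert entries alike).
    static List<Certificate> certsIn(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        List<Certificate> certs = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c != null) certs.add(c);
        }
        return certs;
    }

    // Trust anchors the JVM uses by default (cacerts unless a trustStore property overrides it).
    static List<X509Certificate> defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null selects the JVM default trust store
        List<X509Certificate> anchors = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "testKeyStore";            // name from the post
        char[] pass = (args.length > 1 ? args[1] : "testPass").toCharArray(); // password from the post
        List<X509Certificate> anchors = defaultAnchors();
        int hits = 0;
        for (Certificate c : certsIn(path, pass)) {
            if (anchors.contains(c)) hits++;   // Certificate.equals compares encoded forms
        }
        System.out.println(hits > 0
                ? hits + " test certificate(s) are trusted JVM-wide; remove them from cacerts."
                : "Default trust store does not contain the test certificate.");
        System.exit(hits > 0 ? 1 : 0);
    }
}
```

The non-zero exit status when the test certificate is found lets the check run as a build or provisioning step.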