1. Client(i.e.ServiceNow) and Server (i.e. a 3rd Party) will do a handshake before transmitting any data.

2. Client will have a keystore with Public and Private Key Pair

3. Server will have a keystore with Public and Private Key Pair

4. Client will share the public key( a certificate) with Server and Server will keep it in its truststore.

5. Server will share the public key( a certificate) with Client and Client will keep it in its truststore.

6. Lets say, client initiated the handshare, it will send out its public certificate to Server.

7. Server will check if it has this public certificate in its truststore = which it does.

8. Server sends its public certificate to client and client will check if it has this public certificate in its truststore = which it does.

9. Since handshake is now successful, Client will send out the payload

10. Client will encrypt the payload using Server’s Public Certificate from its truststore.

11. Server receives this payload, and decrypts this payload from the private key in Server’s keystore.

12. Server responds with payload encrypted using Client’s Public Certificate from its truststore.

13. Client receives this payload, and decrypts this payload from the private key in Client’s keystore.

 

 

Step#1: Generate Keystore Pair (Public and private key), self-signed:

 

============

C:\Program Files\Java\jre1.8.0_162\bin>keytool -genkey -alias Keystore_alias -keyalg R

SA -validity enter_Validity_in_Days -keystore Keystore_name.keystore -storepass Keystore_Password -keypass Key_Password

What is your first and last name?

  [Unknown]:  ..........

What is the name of your organizational unit?

  [Unknown]:  ..........

What is the name of your organization?

  [Unknown]:  ..........

What is the name of your City or Locality?

  [Unknown]:  ..........

What is the name of your State or Province?

  [Unknown]:  ..........

What is the two-letter country code for this unit?

  [Unknown]:  ..........

Is CN=vab, OU=servicenow, O=servicenow, L=sydney, ST=nsw, C=61 correct?

  [no]:  yes

============ 

 

 

 

Step#2: Extract the public certificate from above keystore pair:

 

============

C:\Program Files\Java\jre1.8.0_162\bin>keytool -export -alias Keystore_alias -keystore

 Keystore_name.keystore -storepass Keystore_Password -file Cert_name.cer

 

Certificate stored in file <snclient.cer>

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS

12 which is an industry standard format using "keytool -importkeystore -srckeyst

ore snclient.keystore -destkeystore snclient.keystore -deststoretype pkcs12".

============