SGuru

Reputation: 665

Server and Client SSL certificates with the same public key

I want to secure the socket communication in a Java-based application (client and server architecture). I want to achieve this with the help of SSL.

As per my research I would need an SSL certificate (a pair of keys, private and public). I have got to know how to generate a certificate using the Bouncy Castle library.

My questions are:

  1. What I assume is that, on the server side, the certificate must contain both the private and public key, and on the client side the certificate must contain only the public key of the server. Is this correct?
  2. If the above understanding is correct, how should I generate two certificates, one for the server using both the public and private key, and the other one for the client using only the public key?

Can someone give me some directions on this?

Upvotes: 2

Views: 683

Answers (1)

Joeri Hendrickx

Reputation: 17445

There are several resources online explaining very well how public-key crypto works. Generally, your server has two resources: a private key and a certificate. The public key is contained in the certificate. Usually the private key is protected with a password, so your server will also need that.

The certificate is sent to the client upon connection; but the client needs to trust it. For that to happen, either the certificate needs to be signed by a trusted authority, or you need to explicitly trust that certificate in the client (the latter case is referred to as a self-signed certificate).

Bouncy Castle is a library for these kinds of things, but you can use anything for creating your keypair. The most obvious one is keytool, which comes with Java. Read up on generating your keypair here.

Upvotes: 1
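The split the answer describes, in working Java, as an added example that is not part of the question or the answer above: the server holds a key pair plus a self-signed certificate (private key and certificate together in a key store), the client holds only that certificate in a trust store, and the two sides complete a TLS handshake over the loopback interface. It uses the Bouncy Castle `bcpkix` API (`JcaX509v3CertificateBuilder`, `JcaContentSignerBuilder`, `JcaX509CertificateConverter`) to build the certificate and the standard JSSE classes for the sockets. The host name `localhost`, the alias `server`, the password `changeit` and the one-year validity are assumptions made for the example; the serial number is derived from the clock for illustration only and is not how production certificates should be numbered.

```java
import java.io.*;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.*;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedTlsDemo {

    // Build a self-signed certificate for the server's key pair (issuer == subject).
    // "host" is an assumed name for the example; it goes into the SAN so the client can verify it.
    static X509Certificate selfSign(KeyPair kp, String host) throws Exception {
        X500Name name = new X500Name("CN=" + host);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 3600 * 1000); // one year, assumed
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, name, kp.getPublic());
        // Hostname verification checks the SAN, not the CN.
        b.addExtension(Extension.subjectAlternativeName, false,
                new GeneralNames(new GeneralName(GeneralName.dNSName, host)));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        X509CertificateHolder holder = b.build(signer);
        return new JcaX509CertificateConverter().getCertificate(holder);
    }

    // Server side: private key + certificate chain in a key store, fed to a KeyManager.
    static SSLContext serverContext(KeyPair kp, X509Certificate cert, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("server", kp.getPrivate(), pw, new Certificate[] { cert });
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: only the server's certificate (public key), as a trusted entry, fed to a TrustManager.
    static SSLContext clientContext(X509Certificate serverCert) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        ts.load(null, null);
        ts.setCertificateEntry("server", serverCert); // no private key is ever given to the client
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = "localhost"; // assumed host name for the example
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X509Certificate cert = selfSign(kp, host);
        char[] pw = "changeit".toCharArray(); // assumed key store password

        SSLContext serverCtx = serverContext(kp, cert, pw);
        SSLContext clientCtx = clientContext(cert);

        SSLServerSocket ss = (SSLServerSocket) serverCtx.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) ss.accept();
                 BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
                 Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8)) {
                out.write("echo: " + in.readLine() + "\n");
                out.flush();
            } catch (IOException e) {
                e.printStackTrace();
            }
        });
        server.start();

        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket(host, ss.getLocalPort())) {
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check that the SAN matches "localhost"
            c.setSSLParameters(p);
            c.startHandshake(); // fails here if the client's trust store does not contain the server cert
            System.out.println("peer: " + c.getSession().getPeerPrincipal());
            Writer out = new OutputStreamWriter(c.getOutputStream(), StandardCharsets.UTF_8);
            out.write("hello over TLS\n");
            out.flush();
            BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8));
            System.out.println(in.readLine());
        }
        server.join();
        ss.close();
    }
}
```

Compile and run with `bcprov` and `bcpkix` on the classpath. The same three steps map onto keytool: `-genkeypair` creates the server's key store, `-exportcert` writes out the certificate alone, and `-importcert` puts that certificate into the client's trust store. Two checks are worth keeping in mind: the client must trust exactly this certificate (an empty trust store or the default CA bundle will reject a self-signed certificate at `startHandshake`), and a plain `SSLSocket` does not verify the host name unless `setEndpointIdentificationAlgorithm` is set as above, so without it a certificate issued to any name would be accepted as long as it is trusted.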
