The application uses WebSocket over TLS. The URI schema for that is "wss".
The server is authenticated by a certificate.
The keytool utility is distributed with the JDK.
Default store type after Java 9 is PKCS12.
-keyalgis key algorithm-keystoreis the file name-aliasis an entry in the file-storepassis password for the keystore-validityin days-keysizeoverrides the default key size for the key algorithm-dnameX.500 distinguished name. See Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
Example:
keytool -genkey -keyalg RSA -keystore selfsigned.pkcs -storepass storepassword -alias conga.server -validity 3650 -keysize 2048 -dname "CN=Conga, O=FIXTradingCommunity"
keytool -list -v -keystore -storepass password -keystore selfsigned.pkcs
The client stores the public certificate of the server in a truststore.
Various tools may be used to capture the public certificate from a running server, including openssl and Chrome certificate export wizard.
keytool -import -trustcacerts -alias conga.server -file conga-server.cer -keystore client.pkcs -storepass storepassword
Set the system properties
-Djavax.net.ssl.trustStore=client.pkcs
-Djavax.net.ssl.trustStorePassword=storepassword
Set the system property -Djavax.net.debug=ssl