Removed CA cert from keystores as unnecessary

mikepound · May 16, 2019 · 2086ea6 · 2086ea6
1 parent 29a955f
commit 2086ea6
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 1 deletion.
diff --git a/java/README.md b/java/README.md
@@ -56,7 +56,7 @@ keytool -list -keystore ClientKeyStore.jks
 keytool -list -v keystore ClientTrustStore.jks
 ```
 
-Notice that the trust store only contains the root certificate, while the key store contains the entire chain.
+Notice that the trust store only contains the root certificate, while the key store contains the chain up to the root.
 
 ## Exercise 3: Certificate Pinning
 In this exercise there are two possible servers, one acting as an imposter. Both servers have valid certificates - perhaps a private key got leaked - but in any case we want to configure the client to only accept a single certificate. This is called pinning. The client and servers use this connection to send a fictitious banking record. This is implemented using a serialisable class, and Object streams.

diff --git a/java/src/main/resources/client/ClientKeyStore.jks b/java/src/main/resources/client/ClientKeyStore.jks
diff --git a/java/src/main/resources/server/ServerAltKeyStore.jks b/java/src/main/resources/server/ServerAltKeyStore.jks
diff --git a/java/src/main/resources/server/ServerKeyStore.jks b/java/src/main/resources/server/ServerKeyStore.jks