I have this REST client in one server that will call the endpoints in another server. I understand that if I don't have the certificates imported, calls will fail due to an SSL handshake problem. I also understand that the certificates should be exported from my server and then imported in the client machine. So far so good.
The problem is, what certificates should I export from my server? Is there any kind of public certificate with a specific name? Should I create a self-signed certificate on the server side, export it and then import it on the client side?
What would be the required steps in order to generate the certificate (if this is the case) and export the certificate?
For real-world applications (in this case, one server talking to another), should this (or these) certificate(s) be self-signed, public?
What is the relation between the certificates and the JVM (keytool thing, keystore, etc.)?
As you can see, my questions are more about basic concepts.
Thank you