Friday, 20 September 2019

Creating a RSA Key pair, a Self Signed Certificate and put it on a JKS Java Key Store

Generating a Key Pair (Private/Public key) and a Self-Signed Certificate and store them to a JKS Java Key Store 

Job done on a Linux box using the openssl tools and JDK 's keytool

1) Generate RSA key pair of 2048 bits
openssl genrsa -out 2048  

2) Generate certificate request for CA (.csr)
openssl req -x509 -sha256 -new -subj '/C=CY/ST=Nikosia/L=Center/'  -key -out

3) Generate self signed certificate expiry-time 10 years from the certificate request
openssl x509 -sha256 -days 3652 -in -signkey -out

4) Import the pair (private key and selfsigned certificate) in a new JKS (Trustore and Keystore together)
# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name -in -inkey -out -passin pass:welcome -password pass:welcome

# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore -srckeystore -srcstoretype pkcs12 -alias -srcstorepass welcome  -storepass welcome  -noprompt

No comments: