Generating a self-signed SSL certificate
One of the tasks every software developer needs to tackle periodically is generating a self-signed SSL certificate in one form or another for the purpose of testing SSL-secured software systems. Here is an easy method to generate a self-signed cert on the CLI.
$ openssl genrsa -out privatekey.pem 2048
$ openssl req -new -key privatekey.pem -out signingrequest.cer
$ openssl x509 -req -days 3650 -in signingrequest.cer -signkey privatekey.pem -out certificate.pem
View the generated certificate:
$ openssl x509 -text -noout -in certificate.pem
For Java server applications, you need to convert the key into the keystore format. First, convert the certificate and private key to PKCS12 format:
openssl pkcs12 -export -in certificate.pem -inkey privatekey.pem -out certificate.p12 -name <hostname>
where <hostname> is the common name of the certificate.
Pick a password for the export; you'll need it in a second.
Import the PKCS12 cert into a keystore:
keytool -importkeystore -deststorepass <makeapass> -destkeypass <keypassword> -destkeystore keystore.jks -srckeystore certificate.p12 -srcstoretype PKCS12 -srcstorepass <password> -alias <hostname>
Create a keystore password in place of <makeapass>. For <keypassword>, use the password of the original certificate. For <password>, use the password you just specified for the export.
Now you have a self-signed certificate in two useful formats for server applications.
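The OpenSSL steps above as a non-interactive script that also checks its own output: the certificate must carry the generated key, subject and issuer must match, and the PKCS12 alias must be the hostname. This is an added example, not part of the original post; the function names, the hostname test.example and the P12_PASS variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names, test.example and P12_PASS are constructed.

make_selfsigned() {   # $1 = output dir, $2 = hostname used as the CN
    ( umask 077; openssl genrsa -out "$1/privatekey.pem" 2048 ) &&
    openssl req -new -key "$1/privatekey.pem" -subj "/CN=$2" \
        -out "$1/signingrequest.cer" &&
    openssl x509 -req -days 3650 -in "$1/signingrequest.cer" \
        -signkey "$1/privatekey.pem" -out "$1/certificate.pem"
}

# True when the certificate carries the public half of privatekey.pem.
key_matches_cert() {
    k=$(openssl pkey -in "$1/privatekey.pem" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1/certificate.pem" -noout -pubkey | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when subject and issuer are the same name, as in a self-signed cert.
is_self_signed() {
    s=$(openssl x509 -in "$1/certificate.pem" -noout -subject_hash)
    i=$(openssl x509 -in "$1/certificate.pem" -noout -issuer_hash)
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# $3 names an environment variable holding the export password, so the
# password does not appear in the process list or shell history.
export_p12() {
    openssl pkcs12 -export -in "$1/certificate.pem" -inkey "$1/privatekey.pem" \
        -out "$1/certificate.p12" -name "$2" -passout "env:$3"
}

# Print the alias (friendlyName) stored in the PKCS12 file.
p12_alias() {
    openssl pkcs12 -in "$1/certificate.p12" -passin "env:$2" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

demo() {
    dir=$(mktemp -d) || return 1
    P12_PASS='constructed-export-pass'; export P12_PASS
    make_selfsigned "$dir" test.example && key_matches_cert "$dir" &&
        is_self_signed "$dir" && export_p12 "$dir" test.example P12_PASS &&
        echo "alias in certificate.p12: $(p12_alias "$dir" P12_PASS)"
    rc=$?; rm -rf "$dir"; return $rc
}
demo
```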