Over a million developers have joined DZone.

Creating a Keystore? Here's How

Need a keystore? Find out how to make one here.

· Performance Zone

Evolve your approach to Application Performance Monitoring by adopting five best practices that are outlined and explored in this e-book, brought to you in partnership with BMC.

In my last blog I explained how to create a self-signed SSL certificate. You can go through the previous blog and generate the certificate and private key as we’ll be needing it for creating a KeyStore.

Create a self-signed SSL Certificate using OpenSSL.

In this blog I’ll be explaining how one can create a KeyStore in PKCS12 Format using OpenSSL.

Let’s start with “What is PKCS12 Format ?

A PKCS12 (Public-Key Cryptography Standards) defines an archive-file format for storing server certificates, intermediate certificate if any and private key into a single encryptable file.

Now, let's see how we can create a KeyStore.

For generating a KeyStore one should already have an existing private key and certificate(self-signed or signed by CA). Following are the steps required for creating a KeyStore:

->Step1: Create private key and certificate.

Create a self-signed SSL Certificate using OpenSSL.

After step1 you’ll have key(server.key), CSR(server.csr) and certificate(server.crt). We’ll be using server.key and server.crtfiles in our next step.

->Step2: Create .pem file. Run the following commands from your terminal:

  • cat server.key > server.pem
  • cat server.crt >> server.pem

“A .pem(Privacy Enhanced Mail) file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates).”

The existing key and the certificate would be there in your server.pem file. The Structure of.pem file looks like this:

—–BEGIN RSA PRIVATE KEY—–
(Private Key: domain_name.key contents)
—–END RSA PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
(Primary SSL certificate: domain_name.crt contents)
—–END CERTIFICATE—–

-> Step3: Create.pkcs12 file.

  • openssl pkcs12 -export -in server.pem -out keystore.pkcs12

This command will generate the KeyStore with name keystore.pkcs12, you can use the KeyStore for configuring your server.

So this is how we can generate a KeyStore in PKCS12.

Enjoy

Reference:

https://www.openssl.org/

Learn tips and best practices for optimizing your capacity management strategy with the Market Guide for Capacity Management, brought to you in partnership with BMC.

Topics:
ssh ,key management

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}