Creating Self-Signed Certificate
Read on to view a step-by-step tutorial on how to create a self-signed certificate. This includes instructions on how to create a pk12 certificate and how to convert it.
As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful if I share the commands to create a pk12 certificate and also how to convert it to jks.
Verify Whether OpenSSL Is Installed
$ which openssl
/usr/bin/openssl
$ # If not installed, use
$ brew install openssl
If you are using Microsoft® Windows, check out http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.
Create RSA Private Key
# The command below creates a file named 'server.pass.key' in the folder where the command is executed.
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
# The command below reads the 'server.pass.key' file that was just generated and creates 'server.key'.
# 'server.key' is written without a passphrase, so restrict who can read it.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
# We no longer need 'server.pass.key'.
$ rm server.pass.key
Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.
# The command below will ask you for information that will be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press Enter).
$ openssl req -new -key server.key -out server.csr
You will be asked for additional details. Fill them in and press Enter.
Generate a file named v3.ext with the below-listed contents:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
For multiple domain names, add further entries under subjectAltName:
[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
DNS.2 = <domain name 2>
Create the SSL Certificate, utilizing the CSR created in the last step.
$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=<country>/ST=<state>/L=<locality>/O=<organization-name>/OU=<organization-unit-name>/CN=<common-name-probably-server-fqdn>/emailAddress=<email-address-provided-while-generating-csr>
Getting Private key
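Create the PKCS#12 keystore from the certificate and the private key. The name given here (servercert) is the alias used in the conversion step.
openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12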
Converting P12 to JKS
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert
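Checks worth running on the files this procedure produces, as an added example that is not part of the original article: it rebuilds a throwaway certificate with the same v3.ext and confirms that the key matches the certificate, that subjectAltName lists the expected name, and that the certificate is not a CA. The -subj option (used to avoid the prompts), the name service.example.test and the temporary directory are assumptions made for the demonstration, and the passphrase round-trip on the key is skipped.

```shell
#!/bin/sh
# Added example, not the tutorial's own code. The CN service.example.test and
# the temporary directory are constructed for the demonstration.

# make_sample DIR CN: key, CSR, v3.ext and self-signed cert, without prompts.
make_sample() {
    dir=$1; cn=$2
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # unencrypted key: owner-only access
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    cat > "$dir/v3.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $cn
EOF
    openssl x509 -req -sha256 -extfile "$dir/v3.ext" -days 365 \
        -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: true when the private key belongs to the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_san CRT NAME: true when NAME is an exact DNS entry in subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# cert_is_not_ca CRT: true when basicConstraints marks the cert as CA:FALSE.
cert_is_not_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:FALSE'
}

tmp=$(mktemp -d) && make_sample "$tmp" service.example.test || exit 1
key_matches_cert "$tmp/server.key" "$tmp/server.crt" && echo "key matches cert"
cert_has_san "$tmp/server.crt" service.example.test && echo "SAN lists the name"
cert_is_not_ca "$tmp/server.crt" && echo "CA:FALSE set"
rm -rf "$tmp"
```

The three check functions can be pointed at your own server.key and server.crt before the PKCS#12 export, so a mismatched key or a missing SAN entry is caught before it reaches the keystore.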