Over a million developers have joined DZone.

Creating Self Signed Certificate

DZone 's Guide to

Creating Self Signed Certificate

Read on to view a step-by-step tutorial on how to create a Self Signed Certificate. This includes instructions on how to create a pk12 certificate and how to convert it.

· Security Zone ·
Free Resource

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful if I share the commands to create a pk12 certificate and also how to convert it to jks.

Step 1

Verify OpenSSL installed or not

$ which openssl
#If not installed use
$ brew install openssl

If you are using Microsoft(r) Windows, check out http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.

Step 2

Create RSA Private Key

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed. 
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# The below command will use the 'server.pass.key' file that just generated and create 'server.key'.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key

# We no longer need the 'server.pass.key'
$ rm server.pass.key

Step 3

Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr

You will be asked for additional details. Fill them and press enter.

Step 4

Generate a file named v3.ext with the below-listed contents:

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>

Step 5

Create the SSL Certificate, utilizing the CSR created in the last step.

$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
Getting Private key

Step 6

Creating P12

openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12

Converting P12 to JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert
mule ,keystore ,mac ,certificate ,mulesoft

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}