DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Integrating PostgreSQL Databases with ANF: Join this workshop to learn how to create a PostgreSQL server using Instaclustr’s managed service

Mobile Database Essentials: Assess data needs, storage requirements, and more when leveraging databases for cloud and edge applications.

Monitoring and Observability for LLMs: Datadog and Google Cloud discuss how to achieve optimal AI model performance.

Automated Testing: The latest on architecture, TDD, and the benefits of AI and low-code tools.

Related

  • Authentication Using Server Side X.509 Certificates With N1QL
  • Time Zone Change in Mule Application
  • The Easiest and Quickest Way to Generate an OpenAPI Spec for an Existing Website
  • A Deep Dive Into Distributed Tracing

Trending

  • What You Must Know About Rate Limiting
  • Automated Testing: The Missing Piece of Your CI/CD Puzzle
  • Breaking Free From the Cloud With Kamal: Just Enough Orchestration for Your Apps
  • Multi-Tenancy With Keycloak, Angular, and SpringBoot
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Creating Self-Signed Certificate

Creating Self-Signed Certificate

Read on to view a step-by-step tutorial on how to create a Self Signed Certificate. This includes instructions on how to create a pk12 certificate and how to convert it.

Satheesh Kumar user avatar by
Satheesh Kumar
·
Updated Aug. 07, 19 · Tutorial
Like (11)
Save
Tweet
Share
51.10K Views

Join the DZone community and get the full member experience.

Join For Free

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful if I share the commands to create a pk12 certificate and also how to convert it to jks.

Step 1

Verify OpenSSL installed or not

$ which openssl
/usr/bin/openssl
$
#If not installed use
$ brew install openssl

If you are using Microsoft(r) Windows, check out http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.

Step 2

Create RSA Private Key

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed. 
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# The below command will use the 'server.pass.key' file that just generated and create 'server.key'.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key

# We no longer need the 'server.pass.key'
$ rm server.pass.key
$

Step 3

Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr

You will be asked for additional details. Fill them and press enter.

Step 4

Generate a file named v3.ext with the below-listed contents:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
$

for multiple domains names subjectAltName can be used 

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
DNS.2 = <domain name 2>


Step 5

Create the SSL Certificate, utilizing the CSR created in the last step.

$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=<country>/ST=<state>/L=<locality>/O=<organization-name>/OU=<organization-unit-name>/CN=<common-name-probably-server-fqdn>/emailAddress=<email-address-provided-while-generating-csr>
Getting Private key
$

Step 6

Creating P12

openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12

Converting P12 to JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert
Certificate signing request dev Convert (command) Requests Command (computing) MuleSoft OpenSSL

Opinions expressed by DZone contributors are their own.

Related

  • Authentication Using Server Side X.509 Certificates With N1QL
  • Time Zone Change in Mule Application
  • The Easiest and Quickest Way to Generate an OpenAPI Spec for an Existing Website
  • A Deep Dive Into Distributed Tracing

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: