Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Creating Self Signed Certificate

DZone's Guide to

Creating Self Signed Certificate

Read on to view a step-by-step tutorial on how to create a Self Signed Certificate. This includes instructions on how to create a pk12 certificate and how to convert it.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful if I share the commands to create a pk12 certificate and also how to convert it to jks.

Step 1

Verify OpenSSL installed or not

$ which openssl
/usr/bin/openssl
$
#If not installed use
$ brew install openssl

If you are using Microsoft(r) Windows, check out http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.

Step 2

Create RSA Private Key

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed. 
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# The below command will use the 'server.pass.key' file that just generated and create 'server.key'.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key

# We no longer need the 'server.pass.key'
$ rm server.pass.key
$

Step 3

Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr

You will be asked for additional details. Fill them and press enter.

Step 4

Generate a file named v3.ext with the below-listed contents:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
$

Step 5

Create the SSL Certificate, utilizing the CSR created in the last step.

$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=<country>/ST=<state>/L=<locality>/O=<organization-name>/OU=<organization-unit-name>/CN=<common-name-probably-server-fqdn>/emailAddress=<email-address-provided-while-generating-csr>
Getting Private key
$

Step 6

Creating P12

openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12

Converting P12 to JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
mule ,keystore ,mac ,certificate ,mulesoft

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}