/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Creating Self-Signed Certificate

DZone 's Guide to

Creating Self-Signed Certificate

Read on to view a step-by-step tutorial on how to create a Self Signed Certificate. This includes instructions on how to create a pk12 certificate and how to convert it.

by
·
May. 14, 18 · Security Zone ·
Free Resource

Comment (4)

Save
Tweet
{{ articles[0].views | formatCount}} Views

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful if I share the commands to create a pk12 certificate and also how to convert it to jks.

Step 1

Verify OpenSSL installed or not

$ which openssl
/usr/bin/openssl
$
#If not installed use
$ brew install openssl

If you are using Microsoft(r) Windows, check out http://gnuwin32.sourceforge.net/packages/openssl.htm for details about the openssl package on Windows.

Step 2

Create RSA Private Key

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed. 
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# The below command will use the 'server.pass.key' file that just generated and create 'server.key'.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key

# We no longer need the 'server.pass.key'
$ rm server.pass.key
$

Step 3

Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr

You will be asked for additional details. Fill them and press enter.

Step 4

Generate a file named v3.ext with the below-listed contents:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
$

for multiple domains names subjectAltName can be used 

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
DNS.2 = <domain name 2>


Step 5

Create the SSL Certificate, utilizing the CSR created in the last step.

$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=<country>/ST=<state>/L=<locality>/O=<organization-name>/OU=<organization-unit-name>/CN=<common-name-probably-server-fqdn>/emailAddress=<email-address-provided-while-generating-csr>
Getting Private key
$

Step 6

Creating P12

openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12

Converting P12 to JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert

Like This Article? Read More From DZone

Mutual Authentication [Two-Way-SSL] Explained Using Mule Anypoint Platform
How to SSL Your APIs in Mule ESB
Acquiring Locks in Mule Flows to avoid Racing Condition

Free DZone Refcard

Variant Analysis
DOWNLOAD
Topics:
mule ,keystore ,mac ,certificate ,mulesoft

Comment (4)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Opinions expressed by DZone contributors are their own.

Security Partner Resources

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone