Creating self-signed certificates for Java Keystore
I recently came across a project that required HTTPS on the backend side, and I wanted to have HTTPS in the DEV environment.
Most people would ask “Why the hell would you use TLS for local tests?” – well, I just want to handle HTTPS problems as soon as possible during development.
The method described here uses openssl to generate the key and sign it. I’m aware that you can do this using Java’s Keystore alone, but I wanted to show you another method, mostly for people like me – I’m just used to using openssl for this purpose.
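# generate RSA private key (2048 bits; 1024-bit RSA is no longer considered secure)
openssl genrsa -aes256 -out server.key 2048
# generate PKCS#10 Certificate Signing Request (CSR); -x509 is omitted because it would emit a certificate instead of a CSR
openssl req -sha256 -new -key server.key -out server.csr
# self-sign the CSR with the private key (-req tells x509 that the input is a CSR)
openssl x509 -req -sha256 -days 3652 -in server.csr -signkey server.key -out selfsigned.crt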
# export pkcs12 format (required for keytool)
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12
# import into keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
If you’ve ever generated a CSR to buy an SSL certificate, or signed your own certs for things like Apache, you can see that the only interesting part here is the export in PKCS12 format.
You can now use this keystore in stuff like Jetty; see my Alexa Backend post for an example.
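A prompt-free run of the openssl steps above, plus a check of the result before it goes to keytool, as an added example that is not part of the original post. `make_sample_bundle` and `check_bundle` are hypothetical helper names; the passwords, the `/CN=localhost` subject and the 2048-bit minimum are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Passwords, file names and the
# /CN=localhost subject are assumptions for a throwaway DEV bundle.

# Build key, CSR, self-signed cert and PKCS#12 in directory $1, without prompts.
make_sample_bundle() {
  local dir=$1 kpass=$2 ppass=$3
  openssl genrsa -aes256 -passout "pass:$kpass" -out "$dir/server.key" 2048 2>/dev/null &&
  openssl req -new -sha256 -key "$dir/server.key" -passin "pass:$kpass" \
    -subj "/CN=localhost" -out "$dir/server.csr" &&
  openssl x509 -req -sha256 -days 3652 -in "$dir/server.csr" \
    -signkey "$dir/server.key" -passin "pass:$kpass" -out "$dir/selfsigned.crt" 2>/dev/null &&
  openssl pkcs12 -export -name myservercert -in "$dir/selfsigned.crt" \
    -inkey "$dir/server.key" -passin "pass:$kpass" -passout "pass:$ppass" \
    -out "$dir/keystore.p12"
}

# Verify key, cert and PKCS#12 agree before running keytool -importkeystore.
# Usage: check_bundle KEY KEYPASS CERT P12 P12PASS ALIAS
check_bundle() {
  local key=$1 kpass=$2 crt=$3 p12=$4 ppass=$5 alias=$6 bits kpub cpub p12out
  # 1. RSA modulus size as recorded in the certificate
  bits=$(openssl x509 -in "$crt" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "key too small: ${bits:-?} bit" >&2; return 1; }
  # 2. the certificate must carry the public half of this private key
  kpub=$(openssl pkey -in "$key" -passin "pass:$kpass" -pubout) || return 1
  cpub=$(openssl x509 -in "$crt" -noout -pubkey)
  [ "$kpub" = "$cpub" ] || { echo "cert does not match key" >&2; return 1; }
  # 3. self-signed: subject and issuer names are identical
  [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
    "$(openssl x509 -in "$crt" -noout -issuer_hash)" ] ||
    { echo "not self-signed" >&2; return 1; }
  # 4. PKCS#12 opens with the password, holds the alias and the same cert
  p12out=$(openssl pkcs12 -in "$p12" -passin "pass:$ppass" -nokeys 2>/dev/null) ||
    { echo "cannot read PKCS#12" >&2; return 1; }
  printf '%s\n' "$p12out" | grep -q "friendlyName: $alias\$" ||
    { echo "alias $alias not in PKCS#12" >&2; return 1; }
  [ "$(printf '%s\n' "$p12out" | openssl x509 -noout -fingerprint -sha256)" = \
    "$(openssl x509 -in "$crt" -noout -fingerprint -sha256)" ] ||
    { echo "PKCS#12 holds a different cert" >&2; return 1; }
}
```

The alias passed to `check_bundle` is the value given to `-name` in the PKCS12 export, which is also the alias keytool sees during the import.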