Creating self-signed certificates for Java Keystore

I recently came across a project that required HTTPS on the backend side and I wanted to have HTTPS in the DEV environment.
Most people would ask “Why the hell would you use TLS for local tests?” – well, I just want to handle HTTPS problems as soon as possible during development.
The method described here uses openssl to generate the key and sign it. I’m aware that you can do this using Java’s Keystore alone, but I wanted to show you another method, mostly for people like me – I’m just used to using openssl for this purpose.
```sh
# generate RSA private key
# (1024-bit RSA is weak by current standards; use 2048 or more outside throwaway tests)
openssl genrsa -aes256 -out server.key 1024

# generate X.509 Certificate Signing Request (CSR)
# (no -x509 here: with -x509, req writes a certificate instead of a CSR)
openssl req -sha256 -new -key server.key -out server.csr

# self-sign the CSR with the private key (-req tells x509 the input is a CSR)
openssl x509 -req -sha256 -days 3652 -in server.csr -signkey server.key -out selfsigned.crt

# export pkcs12 format (required for keytool)
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12

# import into keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
```
If you’ve ever generated a CSR to buy an SSL certificate, or signed your own certs for things like Apache, you can see that the only interesting part here is the export in PKCS12 format.
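Added example, not part of the original post: an openssl-only script that checks the files from the steps above before keytool imports them. The function names and the KEY_PASS / P12_PASS environment variables (holding the passphrases typed during `genrsa` and `pkcs12 -export`) are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): pre-import checks with openssl.
# Assumption: KEY_PASS and P12_PASS are exported and hold the passphrases
# typed during "genrsa" and "pkcs12 -export".

# Public key (PEM) derived from a passphrase-protected private key.
key_pub() { openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null; }

# Succeeds only if the certificate carries the public half of this key.
key_matches_cert() {
  _k=$(key_pub "$1") || return 1
  _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Succeeds only if the certificate inside the PKCS#12 bundle belongs to this key.
p12_matches_key() {
  _k=$(key_pub "$2") || return 1
  _c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
       openssl x509 -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Key size in bits, taken from the "Public-Key: (N bit)" line of the text dump.
cert_key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Issuer equals subject, i.e. the certificate names itself as its signer.
names_itself_as_issuer() {
  _s=$(openssl x509 -in "$1" -noout -subject) || return 1
  _i=$(openssl x509 -in "$1" -noout -issuer) || return 1
  [ "${_s#subject=}" = "${_i#issuer=}" ]
}

# Usage: sh check.sh server.key selfsigned.crt keystore.p12
if [ "$#" -eq 3 ]; then
  key_matches_cert "$1" "$2"  || echo "FAIL: $2 was not issued for $1"
  p12_matches_key "$3" "$1"   || echo "FAIL: $3 does not hold the cert for $1"
  names_itself_as_issuer "$2" || echo "FAIL: $2 is not self-signed"
  [ "$(cert_key_bits "$2")" -ge 2048 ] || echo "WARN: RSA key below 2048 bits"
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null || echo "FAIL: $2 has expired"
fi
```

With the 1024-bit key from the commands above, the script prints the key-size warning and nothing else when the files are consistent.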
You can now use this keystore in stuff like Jetty, see my Alexa Backend post for an example.
2 Responses
I consider keystore extremely scary in general, howtos on this issue are greatly appreciated.

[…] production environment. Either disable the SSL configuration or quickly head over to my article on creating self-signed certificates for Javas Keystore. Then make sure the following lines reflect your keystore location and password (notice that it […]