Generating truststore and pkcs12 keystore

1. # Generate a self-signed certificate for localhost and a new private key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mockdis.key -out mockdis.crt

Enter ‘localhost’ on prompt:
Common Name (eg, YOUR name) :localhost

2. # Generate truststore and import newly created certificate
keytool -import -alias mockdis -keystore mockdistruststore.jks -file mockdis.crt

Establish keystore password <truststore_passwd> when prompted.
Enter ‘yes’ on prompt:
Trust this certificate? [no]: yes

3. # Generate PKCS#12 file
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in mockdis.crt -inkey mockdis.key -out mockdis.pfx -name "mockdis"

Establish keystore password <keystore_passwd> when prompted.

What you now have:
A truststore: mockdistruststore.jks with <truststore_passwd>
A PKCS#12 keystore: mockdis.pfx with <keystore_passwd>

You can use mockdis.pfx on the server and mockdistruststore.jks on the client side. If you need the client to authenticate with a certificate (i.e. when using http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html), you can generate another .pfx keystore for the client.
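To check that the two files work together before wiring them into a server and client, the following added example (not part of the original post) loads both stores, verifies that the truststore holds the same certificate as the keystore, and builds an SSLContext for each side. The class name MockdisTls and the environment variable names KEYSTORE_PASSWD and TRUSTSTORE_PASSWD are assumptions; the file names and the alias come from the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; the files are the ones generated in steps 1-3.
public class MockdisTls {

    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // throws on a wrong password or a corrupted file
        }
        return ks;
    }

    // Server side: presents the certificate and private key from mockdis.pfx.
    static SSLContext serverContext(KeyStore pfx, char[] keystorePasswd) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(pfx, keystorePasswd); // openssl export uses one password for store and key
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trusts only the certificates imported into mockdistruststore.jks.
    static SSLContext clientContext(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names; passwords are read from the environment, not hard-coded.
        char[] ksPw = System.getenv("KEYSTORE_PASSWD").toCharArray();
        char[] tsPw = System.getenv("TRUSTSTORE_PASSWD").toCharArray();
        KeyStore pfx = load("mockdis.pfx", "PKCS12", ksPw);
        KeyStore trust = load("mockdistruststore.jks", "JKS", tsPw);
        // The keystore must hold a private key, the truststore only the matching certificate.
        if (!pfx.isKeyEntry("mockdis")) throw new IllegalStateException("no private key under alias mockdis");
        if (!trust.isCertificateEntry("mockdis")) throw new IllegalStateException("no trusted certificate under alias mockdis");
        if (!trust.getCertificate("mockdis").equals(pfx.getCertificate("mockdis"))) throw new IllegalStateException("truststore and keystore certificates differ");
        serverContext(pfx, ksPw);
        clientContext(trust);
        System.out.println("server and client SSLContext initialised");
    }
}
```

Run it from the directory that contains both files, with the two environment variables set to the passwords chosen in steps 2 and 3.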
