Generating truststore and pkcs12 keystore

1. # Generate a self-signed certificate for localhost and a new private key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mockdis.key -out mockdis.crt

Enter ‘localhost’ on prompt:
Common Name (eg, YOUR name) :localhost

2. # Generate truststore and import newly created certificate
keytool -import -alias mockdis -keystore mockdistruststore.jks -file mockdis.crt

Establish keystore password <truststore_passwd> when prompted.
Enter ‘yes’ on prompt:
Trust this certificate? [no]: yes

3. # Generate PKCS#12 file
openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in mockdis.crt -inkey mockdis.key -out mockdis.pfx -name "mockdis"

Establish keystore password <keystore_passwd> when prompted.

What you got is:
A truststore : mockdistruststore.jks with <truststore_passwd>
A pkcs12 keystore : mockdis.pfx with <keystore_passwd>

You can use mockdis.pfx on the server and mockdistruststore.jks on the client side. If you need the client to authenticate with a certificate
(ie when using you can generate another .pfx keystore for the client.
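
A non-interactive run of steps 1 and 3 followed by checks that the key, the certificate and the .pfx agree, added here as an example and not part of the original post. The function names, the work-directory argument and the password value are assumptions; -subj answers the Common Name prompt and env: keeps the keystore password out of the process list.

```shell
#!/bin/sh
# Added example: build the files from steps 1 and 3, then verify them.

# SHA-256 fingerprint of a PEM certificate read from stdin
fp() {
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# $1 = work directory, $2 = keystore password (constructed for the demo)
build_and_check() {
    d=$1
    KEYSTORE_PASS=$2; export KEYSTORE_PASS   # read by openssl through env:

    # Step 1: self-signed certificate and new key, CN supplied with -subj
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=localhost" \
        -keyout "$d/mockdis.key" -out "$d/mockdis.crt" 2>/dev/null || return 1
    chmod 600 "$d/mockdis.key"   # -nodes leaves the key unencrypted on disk

    # Step 3: PKCS#12 export with the same PBE options as the post
    openssl pkcs12 -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
        -in "$d/mockdis.crt" -inkey "$d/mockdis.key" \
        -out "$d/mockdis.pfx" -name "mockdis" \
        -passout env:KEYSTORE_PASS || return 1

    # Check 1: the subject carries the expected Common Name
    openssl x509 -in "$d/mockdis.crt" -noout -subject -nameopt RFC2253 \
        | grep -q 'CN=localhost' || { echo "CN is not localhost"; return 2; }

    # Check 2: the private key belongs to the certificate
    crt_pub=$(openssl x509 -in "$d/mockdis.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$d/mockdis.key" -pubout)
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match cert"; return 3; }

    # Check 3: the certificate inside the .pfx is the one in mockdis.crt,
    # which is also the one step 2 imports into the truststore
    crt_fp=$(fp < "$d/mockdis.crt")
    pfx_fp=$(openssl pkcs12 -in "$d/mockdis.pfx" -nokeys \
        -passin env:KEYSTORE_PASS 2>/dev/null | fp)
    [ -n "$crt_fp" ] && [ "$crt_fp" = "$pfx_fp" ] \
        || { echo "pfx holds a different certificate"; return 4; }

    echo "$crt_fp"   # fingerprint shared by mockdis.crt and mockdis.pfx
}

# Usage: build_and_check "$(mktemp -d)" 'constructed-demo-pass'
```

The fingerprint printed on success should also appear for the mockdis alias in the output of keytool -list -v -keystore mockdistruststore.jks after step 2.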

