Generating Self Signed Certificate with Keytool

    To generate a self-signed certificate, you need a program called “keytool”, which is supplied with any version of the Java SDK. The instructions below walk through creating both the key store and the trust store files for a 1-way SSL configuration.

     

                 

    Creating private/public key pair:

     

    keytool -genkey -alias teiid -keyalg RSA -validity 365 -keystore server.keystore -storetype JKS
    
     Enter keystore password:  <enter password>
     What is your first and last name?
     [Unknown]:  <user’s name>
     What is the name of your organizational unit?
     [Unknown]:  <department name>
     What is the name of your organization?
     [Unknown]:  <company name>
     What is the name of your City or Locality?
     [Unknown]:  <city name>
     What is the name of your State or Province?
     [Unknown]:  <state name>
     What is the two-letter country code for this unit?
     [Unknown]:  <country name> 
    
     Is CN=<user’s name>, OU=<department name>, O="<company name>",
     L=<city name>, ST=<state name>, C=<country name>  correct?
     [no]:  yes
     Enter key password for <server>
     (Return if same as keystore password)
    

    The resulting "server.keystore" holds the newly created private key and can now be used as the key store.

     

    Extracting the public key:


    From the "server.keystore" created above we can extract a public key for creating a trust store.

    keytool -export -alias teiid -keystore server.keystore -rfc -file public.cert
     Enter keystore password: <enter password>
    

    This creates the "public.cert" file, which contains the public key that corresponds to the private key in the "server.keystore".

     

    Creating the Truststore:

     

    keytool -import -alias teiid -file public.cert -storetype JKS -keystore server.truststore
    Enter keystore password:  <enter password> 
    Owner: CN=<user's name>, OU=<dept name>, O=<company name>, L=<city>, ST=<state>, C=<country>
    Issuer: CN=<user's name>, OU=<dept name>, O=<company name>, L=<city>, ST=<state>, C=<country>
    Serial number: 416d8636
    Valid from: Fri Jul 31 14:47:02 CDT 2009 until: Sat Jul 31 14:47:02 CDT 2010
    Certificate fingerprints: 
             MD5:  22:4C:A4:9D:2E:C8:CA:E8:81:5D:81:35:A1:84:78:2F
             SHA1: 05:FE:43:CC:EA:39:DC:1C:1E:40:26:45:B7:12:1C:B9:22:1E:64:63
    Trust this certificate? [no]:  yes
    

     

    This has now created "server.truststore". There are many other ways to create self-signed certificates; the above procedure is just one of them. If you would like to create them using "openssl", see this tutorial.
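
    The three steps above as one non-interactive script, with a fingerprint comparison before the certificate is imported; this is an added example, not part of the original page. The STOREPASS environment variable, the -dname values and the output directory are assumptions, and -genkeypair, -exportcert and -importcert are the current names of -genkey, -export and -import.

```shell
#!/bin/sh
# Added example, not part of the original page. Assumed names: the STOREPASS
# environment variable, the -dname values and the output directory.
# -storepass:env reads the password from the environment, so it does not
# appear in the process argument list.

# SHA-256 fingerprint keytool reports for alias "teiid" in a JKS store.
store_fp() {
    keytool -list -v -alias teiid -keystore "$1" -storetype JKS \
        -storepass:env STOREPASS 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# SHA-256 fingerprint of an exported certificate file.
cert_fp() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Run the three steps in directory $1; fail if the exported certificate does
# not match the key store entry it is supposed to come from.
make_stores() {
    dir=$1
    # Step 1: key pair plus self-signed certificate; -dname answers the prompts.
    keytool -genkeypair -alias teiid -keyalg RSA -keysize 2048 -validity 365 \
        -keystore "$dir/server.keystore" -storetype JKS \
        -storepass:env STOREPASS -keypass:env STOREPASS \
        -dname "CN=teiid.example.test, OU=Example Unit, O=Example Org, C=US" \
        >/dev/null 2>&1 || return 1
    # Step 2: export the certificate in PEM form (-rfc).
    keytool -exportcert -alias teiid -keystore "$dir/server.keystore" \
        -storetype JKS -storepass:env STOREPASS -rfc \
        -file "$dir/public.cert" >/dev/null 2>&1 || return 1
    # Check: this replaces reading the fingerprints at the "Trust this
    # certificate?" prompt, which -noprompt suppresses in step 3.
    want=$(store_fp "$dir/server.keystore")
    [ -n "$want" ] && [ "$(cert_fp "$dir/public.cert")" = "$want" ] || return 1
    # Step 3: import the verified certificate into the trust store.
    keytool -importcert -alias teiid -file "$dir/public.cert" -storetype JKS \
        -keystore "$dir/server.truststore" -storepass:env STOREPASS \
        -noprompt >/dev/null 2>&1 || return 1
}

# Demo: STOREPASS=... sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    : "${STOREPASS:?export STOREPASS first}"
    export STOREPASS
    d=$(mktemp -d) && make_stores "$d" && echo "verified stores in $d"
fi
```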