... |
To generate a self-signed certificate, you need a program called “keytool”, which is supplied with any version of the Java SDK. The instructions below walk through the creation of both the key store and the trust store files for a 1-way SSL configuration with the security keys.
keytool -genkey -alias teiid -keyalg RSA -validity 365 –keystore server.keystore –storetype JKS Enter keystore password: <enter password> What is your first and last name? [Unknown]: <user’s name> What is the name of your organizational unit? [Unknown]: <department name> What is the name of your organization? [Unknown]: <company name> What is the name of your City or Locality? [Unknown]: <city name> What is the name of your State or Province? [Unknown]: <state name> What is the two-letter country code for this unit? [Unknown]: <country name> Is CN=<user’s name>, OU=<department name>, O="<company name>", L=<city name>, ST=<state name>, C=<country name> correct? [no]: yes Enter key password for <server> (Return if same as keystore password)
The "server.keystore" can be used as keystore based upon the newly created private key.
From the "server.keystore" created above we can extract a public key for creating a trust store
keytool -export -alias teiid –keystore server.keystore -rfc -file public.cert Enter keystore password: <enter passsword>
This creates the "public.cert" file that contains the public key based on the private key in the "server.keystore"
keytool -import -alias teiid -file public.cert –storetype JKS -keystore server.truststore Enter keystore password: <enter password> Owner: CN=<user's name>, OU=<dept name>, O=<company name>, L=<city>, ST=<state>, C=<country> Issuer: CN=<user's name>, OU=<dept name>, O=<company name>, L=<city>, ST=<state>, C=<country> Serial number: 416d8636 Valid from: Fri Jul 31 14:47:02 CDT 2009 until: Sat Jul 31 14:47:02 CDT 2010 Certificate fingerprints: MD5: 22:4C:A4:9D:2E:C8:CA:E8:81:5D:81:35:A1:84:78:2F SHA1: 05:FE:43:CC:EA:39:DC:1C:1E:40:26:45:B7:12:1C:B9:22:1E:64:63 Trust this certificate? [no]: yes
Now this has created "server.truststore". There are many other ways to create self signed certificates, the above procedure is just one way. If you would like create them using "openssl", see this tutorial.