Generate selfsigned certificate and keystore JKS


Generate SSL keys

Execute each command individually:

openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem

IMPORTANT: To use that in localhost development you have to set Common Name to localhost: CN=localhost

openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem

Generate keystore from SSL keys

Execute each command individually

openssl pkcs12 -export -name localhost -in cert.pem -inkey key.pem -out key.p12
keytool -importkeystore -srckeystore key.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS -alias localhost

Check keystore

keytool --list --keystore keystore.jks 

Use keystore with Java application

set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=./keystore.jks
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=./keystore.jks
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=<pass>
java %JAVA_OPTS% -jar app.jar

Leave a comment

Your email address will not be published.