Sunday, 22 June 2014

Creating a self signed certificate for SSL using java keytool

Goal

In this post we will see how to create a self-signed certificate using the keytool utility provided in the Java SDK. You should have the Java SDK installed for this and set in the classpath. The simplest way to check whether it is added in the classpath is to open a command prompt and type java -version. It should show you which Java version you are using.



Getting Started

So let's get started.

  1. Run the following command from the command line -

    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass mypasswd -validity 360 -keysize 2048
    
  2. You will be asked to enter some details. Enter your first and last name (same line).
  3. Then enter your organizational unit name.
  4. Then name of your city / locality.
  5. Name of your state / province.
  6. Two letter country code.
  7. And finally the key password. Hit enter if it is same as keystore password.

Your keystore.jks should be created in your root folder or the PATH (if you have explicitly provided one).
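The same steps without the interactive prompts, as an added example that is not part of the original post: the answers go in -dname, a subject alternative name is set with -ext, and the password is read from an environment variable instead of being typed on the command line. The names, the KS_PASS variable, the sample password and the helper functions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Names, alias, paths and the password are constructed samples.

# Backslash-escape "\" and "," so a value can sit inside a -dname string.
dn_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g'
}

# Build the DN from the fields in steps 2-6: name, org unit, city, state, country.
build_dname() {
    printf 'CN=%s, OU=%s, L=%s, ST=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")"
}

# $1 keystore path, $2 alias, $3 DN, $4 DNS name placed in the SAN extension.
# -genkeypair is the current name of -genkey. The :env modifier makes keytool
# read the password from $KS_PASS, keeping it out of the argument list.
generate_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 360 \
        -alias "$2" -keystore "$1" -dname "$3" -ext "SAN=dns:$4" \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

# Print owner, validity window and SAN of the stored certificate.
show_cert() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env KS_PASS |
        grep -E 'Owner:|Valid from:|DNSName'
}

demo() {
    KS_PASS=${KS_PASS:-sample-Passw0rd}; export KS_PASS   # sample value only
    dir=$(mktemp -d) || return 1
    dname=$(build_dname 'Jane Doe' 'Platform, Security' 'Pune' 'Maharashtra' 'IN')
    generate_keystore "$dir/keystore.jks" selfsigned "$dname" localhost &&
        show_cert "$dir/keystore.jks" selfsigned
    status=$?
    rm -rf "$dir"
    return "$status"
}

# Run the demo only where a JDK is installed.
if command -v keytool >/dev/null 2>&1; then
    demo || echo "keytool demo failed" >&2
fi
```

Passing -storepass mypasswd directly, as in step 1, leaves the password in shell history and visible in the process list while keytool runs.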


 

More Details...


To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line:

Windows:

    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

Unix:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA


Note 1 : The RSA algorithm should be preferred as a secure algorithm, and this also ensures general compatibility with other servers and components.

Note 2 : This command will create a new file, in the home directory of the user under which you run it, named ".keystore". To specify a different location or filename, add the -keystore parameter, followed by the complete pathname to your keystore file, to the keytool command shown above.

For a detailed post on how to configure and support HTTPS on your Tomcat, refer to the following -

Important Links
