Few basic steps to create a complete keystore to host a server certificate. Create your custom self-signed CA if not yet available a trusted one # openssl genrsa -des3 -out ca.key 1024 # openssl req -new -x509 -day
Few basic steps to create a complete keystore to host a server SSL certificate.
- Create your custom self-signed CA if not yet available a trusted one
openssl genrsa -des3 -out ca.key 1024openssl req -new -x509 -days 3650 -key ca.key -out ca.cer -config openssl.cnf- Generate your server private key
keytool -genkey -alias server -dname "CN=www.tirasa.net, OU=ITC, O=Tirasa, L=Pescara, ST=Italy, C=IT" -storepass password -keystore keystore -keyalg RSA -keypass password
- Import the CA create above into your new keystore
keytool -import -alias ca -file ca.cer -keypass password -keystore keystore -storepass password
- Generate your certificate request
keytool -certreq -alias server -keyalg RSA -file tirasa.req -keypass password -keystore keystore -storepass password
- Sign request with your CA
openssl ca -config openssl.cnf -days 3650 -cert ca.cer -keyfile ca.key -out tirasa.pem -infiles tirasa.req
- Modify server certificate.
Remove all excluding what inside BEGIN/END CERTIFICATE
-----BEGIN CERTIFICATE-----
MIIDHzCCAoigAwIBAgIBEjANBgkqhkiG9w0BAQQFADBfMQswCQYDVQQGEwJJVDEO
........
-----END CERTIFICATE-----
- Genberate DER certificate from your modified PEM
openssl x509 -in tirasa.pem -outform DER -out tirasa.der
- Import DER certificate.
Make sure to use the same alias used for the private key.
keytool -import -alias server -file tirasa.der -keypass password -keystore keystore -storepass password 0 VOTI
Not rated yet
Not rated yet 
Dal Blog di Tirasa
Quello che facciamo, studiamo e pensiamo tutti i giorni lo condividiamo qui.