Creating Self-Signed Certificate

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful to share the commands to create a PKCS12 (.p12) certificate and to convert it to JKS.

Step 1

Verify whether OpenSSL is installed

$ which openssl
# If not installed, use
$ brew install openssl

If you are using Microsoft® Windows, check out for details about the openssl package on Windows.

Step 2

Create RSA Private Key

# The below command will create a file named 'server.pass.key' and place it in the same folder where the command is executed.
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
# The below command will use the 'server.pass.key' file that was just generated and create 'server.key'.
# Note: 'server.key' is written without a passphrase, so keep its file permissions restrictive.
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
# We no longer need the 'server.pass.key'
$ rm server.pass.key

Step 3

Create the Certificate Signing Request (CSR), utilizing the RSA private key we generated in the last step.

# The below command will ask you for information that would be included in the certificate. Since this is a self-signed certificate, there is no need to provide the 'challenge password' (to leave it blank, press enter).
$ openssl req -new -key server.key -out server.csr

You will be asked for additional details. Fill them in and press Enter. The Common Name you enter here is reused in the v3.ext file in the next step.

Step 4

Generate a file named v3.ext with the below-listed contents:

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>

For multiple domain names, add further DNS entries under [alt_names]; subjectAltName will then cover all of them:

DNS.1 = <specify-the-same-common-name-that-you-used-while-generating-csr-in-the-last-step>
DNS.2 = <domain name 2>

Step 5

Create the SSL Certificate, utilizing the CSR created in the last step.

$ openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
Getting Private key

Step 6

Creating P12

$ openssl pkcs12 -export -name servercert -in server.crt -inkey server.key -out myp12keystore.p12

Converting P12 to JKS

$ keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert
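
Before importing into JKS, it is worth checking that the files from Steps 2 to 6 belong together. The script below is an added example, not part of the original article: the function names, the host name and the password passed to them are assumptions, and make_sample repeats the steps non-interactively with constructed values (skipping the passphrase round-trip of Step 2) so the checks can be tried in a scratch directory.

```shell
#!/bin/sh
# Added example: function names and sample values are hypothetical;
# file names follow the article.

# True when the certificate and the private key hold the same public key.
cert_matches_key() {   # cert_matches_key server.crt server.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the host is listed as a DNS subjectAltName (exact string match).
cert_has_san() {       # cert_has_san server.crt host
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# True when the PKCS#12 file opens with the password and holds the same certificate.
p12_holds_cert() {     # p12_holds_cert myp12keystore.p12 password server.crt
    in_p12=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    on_disk=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 1
    [ -n "$in_p12" ] && [ "$in_p12" = "$on_disk" ]
}

# Repeats Steps 2-6 in directory $1 with constructed values: CN and SAN are
# both $2, and $3 is the export password for the PKCS#12 file.
make_sample() {        # make_sample dir host p12-password
    ( cd "$1" || exit 1
      openssl genrsa -out server.key 2048 2>/dev/null &&
      chmod 600 server.key &&
      openssl req -new -key server.key -subj "/CN=$2" -out server.csr &&
      printf '%s\n' \
          'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
          'subjectAltName = @alt_names' '' '[alt_names]' "DNS.1 = $2" > v3.ext &&
      openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr \
          -signkey server.key -out server.crt 2>/dev/null &&
      openssl pkcs12 -export -name servercert -in server.crt -inkey server.key \
          -passout "pass:$3" -out myp12keystore.p12 )
}
```

On real files, run the three checks against server.crt, server.key and myp12keystore.p12 in the working directory; a non-zero exit status from any of them means the keystore should not be deployed as is.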

This UrIoTNews article is syndicated from DZone