Child pages
  • Create self signed certificate
Skip to end of metadata
Go to start of metadata
Create certificate and private key

# For HTTPS servers remember to put the
# server FQDN in the CN.



# Generate key
openssl genrsa -out "$KEY" 1024 || exit 1

# Certificate Signing Request (Remember to modify the signing request subject)
openssl req -new -key "$KEY" -out "$CSR" -subj "$subject" || exit 1

# Self sign
openssl x509 -req -days 1000 -in "$CSR" -out "$CRT" -signkey "$KEY" || exit 1

User/role certificate

./ myCert "/C=DK/O=my Organisation/OU=my Department/CN=my Name"

Web server certificate:

./ myCert "/C=DK/O=KB/OU=DIS/"

For self signed certificates, the .csr-file can be safely ignored

Optionally create java keystore from certificate, eg. for activemq

Convert the broker key and certificate to PKCS12 format - enter a password when prompted and use that password again for the next step

  openssl pkcs12 -export -in broker.crt -inkey broker.key -out broker.p12

Import the server key from the p12 file. Note that redhats builtin keytool is bogus!

  <path_to_jre_or_jdk>/keytool    \
          -importkeystore         \
          -srckeystore broker.p12 \
          -srcstoretype pkcs12    \
          -destkeystore broker.ks \
          -storepass 123456
  • No labels