Generating/Signing Certificates with OpenSSL and Converting to Java Key Store (JKS)

A simple guide to generate signed certificates using OpenSSL and import them into a Java Key Store (JKS)

Imesha Sudasingha
5 min read · Jan 18, 2021

When we need to obtain a new server certificate, we follow these steps:

  1. Generate a new key pair
  2. Generate a CSR (certificate signing request) for the public key certificate
  3. Get the CSR signed by a CA (certificate authority)
  4. Install the signed certificate obtained from CA and the private key in the server

Here, instead of steps 2 and 3, you can generate a self-signed certificate (using OpenSSL or Java keytool). However, a self-signed certificate is not accepted for public use (e.g. by web browsers). Therefore, in this article I will discuss how to complete the above 4 steps, primarily using OpenSSL.

Alternatively, you can complete all of the above steps except step 3 (getting the CSR signed by a CA) using Java keytool commands, as described in the Oracle Java SSL Guide.

Let’s get started.

Generate Key Pair and CSR with OpenSSL
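
The four steps listed earlier, run end to end as an added example (not code from the original article). It goes beyond this heading to cover signing and the JKS import; a throwaway local CA stands in for the real CA of step 3, and the host name, file names and the `changeit` password are constructed placeholders.

```shell
#!/bin/sh
# Added example. A throwaway local CA stands in for the real CA of step 3.
# Host name, file names and the "changeit" password are constructed placeholders.
# Usage: issue_server_cert && check_server_cert && to_keystore
set -eu
WORK="$(mktemp -d)"          # scratch directory that will hold the private keys
CN="server.example.test"     # hypothetical server name
STOREPASS="changeit"         # placeholder; supply a real secret in practice

issue_server_cert() (
  cd "$WORK"; umask 077      # key files readable by the owner only
  # Step 1: key pair.  Step 2: CSR carrying the public key and subject.
  openssl genrsa -out server.key 2048 2>/dev/null
  openssl req -new -key server.key -subj "/CN=$CN" -out server.csr
  # Step 3 (stand-in): create a test CA and sign the CSR with it.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Example Test CA" -days 30 2>/dev/null
  # x509 -req does not copy CSR extensions by default, so set the SAN here.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$CN" > ext.cnf
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -sha256 -extfile ext.cnf -out server.crt 2>/dev/null
)

check_server_cert() (
  cd "$WORK"
  # The certificate must chain to the CA and carry the public key we generated.
  openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 1
  cert_pub="$(openssl x509 -in server.crt -noout -pubkey | openssl sha256)"
  key_pub="$(openssl pkey -in server.key -pubout | openssl sha256)"
  [ "$cert_pub" = "$key_pub" ]
)

to_keystore() (
  cd "$WORK"
  # Step 4: bundle key, certificate and CA chain as PKCS#12, then convert to JKS.
  openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca.crt \
    -name server -passout "pass:$STOREPASS" -out server.p12
  if command -v keytool >/dev/null 2>&1; then
    keytool -importkeystore -noprompt \
      -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
      -destkeystore server.jks -deststoretype JKS -deststorepass "$STOREPASS"
  else
    echo "keytool not found; import $WORK/server.p12 later" >&2
  fi
)
```

With a real CA, replace the two commands under step 3 with submitting `server.csr` and saving the returned certificate and chain as `server.crt` and `ca.crt`; the key-match check in `check_server_cert` then catches a certificate issued for a different key before it reaches the keystore.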
