Generating/Signing Certificates with OpenSSL and Converting to Java Key Store(JKS)

A simple guide to generate signed certificates using OpenSSL and import them into a Java Key Store (JKS)

Imesha Sudasingha
5 min readJan 18, 2021

When we require to obtain a new server certificate, we follow the following steps.

  1. Generate a new key pair
  2. Generate a CSR (certificate signing request) for the public key certificate
  3. Get the CSR signed by a CA (certificate authority)
  4. Install the signed certificate obtained from CA and the private key in the server

Here, instead of steps 2 and 3, you can generate a self signed certificate (using OpenSSL, using Java keytool). But a self signed certificate is not accepted for public use (eg: by web browsers). Therefore, in this article I will be discussing how we can achieve the above 4 steps primarily using OpenSSL.

Alternatively, you can complete all the above steps except step 3 (getting the CSR signed by a CA) using java keytool commands as described in Oracle Java SSL Guide.

Let’s get started.

Generate Key Pair and CSR with OpenSSL

--

--

Imesha Sudasingha
Imesha Sudasingha

Written by Imesha Sudasingha

Co-Founder @HighFlyer | Ex @WSO2 | Ex @BallerinaLang | Opensource | Member @TheASF

No responses yet