SSL

Custom CA using OpenSSL

Generate a Private Key for the CA

openssl genrsa -out ca.key 2048

Create a Self-Signed Certificate for the CA (-x509 outputs a certificate, not a CSR)

openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CZ/ST=CZ/L=Prague/O=My CA/OU=CA/CN=My CA"

Generate a Private Key for the Server

openssl genrsa -out server.key 2048 

Create a CSR for the Server

openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=San Francisco/O=My Organization/OU=Server/CN=my.domain.com"

Sign the Server’s CSR with the CA

openssl ca -in server.csr -out server.crt -keyfile ca.key -cert ca.crt -days 365
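
The same CA and server steps as one script, added here as an example and not part of the original page. It signs with `openssl x509 -req` instead of `openssl ca` so that no CA database directory is needed, and it adds a subjectAltName, because current TLS clients match the host name against the SAN rather than the CN. The config section names and the working directory are assumptions of this example.

```shell
# Added example, not from the original page. File names and the config
# sections are assumptions; my.domain.com is the page's server name.
make_chain() {  # $1 = empty working directory
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:my.domain.com
EOF
    (
        cd "$1" || exit 1
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
            -config openssl.cnf -extensions v3_ca -subj "/O=My CA/CN=My CA" &&
        openssl genrsa -out server.key 2048 &&
        openssl req -new -key server.key -out server.csr \
            -config openssl.cnf -subj "/O=My Organization/CN=my.domain.com" &&
        # x509 -req does not copy extensions from the CSR by default, so the
        # SAN and usage limits come from the CA-controlled v3_server section.
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out server.crt -days 365 -sha256 \
            -extfile openssl.cnf -extensions v3_server
    ) >/dev/null 2>&1
}

# True only if the certificate chains to the given CA for TLS server use.
verify_chain() {  # $1 = CA certificate, $2 = server certificate
    openssl verify -purpose sslserver -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Prints the DNS names the certificate is valid for.
show_san() {  # $1 = certificate
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1
}
```

Run `make_chain "$(mktemp -d)"` and then `verify_chain` and `show_san` on the resulting files before importing the certificate anywhere.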

Keytool

Generate a key pair (also creates a self-signed certificate)

keytool -genkey -alias my_alias -keyalg RSA -keystore my_keystore.jks -keysize 2048

Create CSR from keystore

keytool -certreq -alias my_alias -keyalg RSA -file my_certreq.csr -keystore my_keystore.jks

Import Certificate

cat my_cert.pem intermediate-ca.pem root-ca.pem > fullchain.pem
keytool -import -keystore my_keystore.jks -alias my_alias -file fullchain.pem 

List Certificates

keytool -list -keystore my_keystore.jks -v