10 Jan 22
Creating a Keystore and Self-Signed Certificate with OpenSSL
It is in fact very easy to generate a self-signed certificate with OpenSSL.
To generate a keystore and certificate with OpenSSL, we first need to generate a private key:
openssl genrsa -out <name of private key file>.key 1024
Then we need to generate a Certificate Signing Request (CSR) from the private key we just generated:
openssl req -new -key <name of private key file>.key -out <name of csr file>.csr
After that, we can self-sign the certificate (note: if you only want the key-cert pair, you can stop after this step; otherwise go to the next step for keystore generation):
openssl x509 -req -days <num of days valid> -in <name of csr file>.csr -signkey <name of private key file>.key -sha1 -out <name of cert file>.cert
Finally, with the key and certificate, we can combine them into a PKCS#12 keystore:
openssl pkcs12 -name <key alias> -export -in <name of cert file>.cert -inkey <name of private key file>.key -out <name of the keystore file>.p12
The key and certificate are ready to be used in various applications (e.g. Dovecot, Apache WebServer…)
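The four steps above as one non-interactive script, followed by checks that the certificate really belongs to the key and that the keystore contains it. This is an added example, not part of the original post: it substitutes a 2048-bit key and `-sha256` for the `1024` and `-sha1` shown above (both are deprecated for new certificates), and the `server.*` file names, the CN, the alias and the `P12_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example; file names, CN, alias and P12_PASS are constructed.
# Requires: export P12_PASS=... (read via env: so it never appears in argv).

# make_selfsigned_p12 DIR CN ALIAS: key, CSR, self-signed cert, PKCS#12 in DIR
make_selfsigned_p12() {
    dir=$1 cn=$2 kalias=$3
    mkdir -p "$dir" || return 1
    (
        umask 077   # key and keystore readable by the owner only
        cd "$dir" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -subj "/CN=$cn" -out server.csr &&
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -sha256 -out server.cert 2>/dev/null &&
        openssl pkcs12 -name "$kalias" -export -in server.cert \
            -inkey server.key -out server.p12 -passout env:P12_PASS
    )
}

# Reduce "SHA256(stdin)= <hex>" to the hex digest
digest() { openssl sha256 | sed 's/^.*= *//'; }

# pair_matches DIR: succeeds only if server.cert carries server.key's public key
pair_matches() {
    c=$(openssl x509 -in "$1/server.cert" -noout -pubkey | digest)
    k=$(openssl pkey -in "$1/server.key" -pubout | digest)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_sigalg DIR: signature algorithm name, e.g. sha256WithRSAEncryption
cert_sigalg() {
    openssl x509 -in "$1/server.cert" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_bits DIR: size of the certificate's public key in bits
cert_bits() {
    openssl x509 -in "$1/server.cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# p12_holds_cert DIR: keystore opens with P12_PASS and contains server.cert
p12_holds_cert() {
    a=$(openssl x509 -in "$1/server.cert" -noout -fingerprint -sha256)
    b=$(openssl pkcs12 -in "$1/server.p12" -passin env:P12_PASS -nokeys \
        2>/dev/null | openssl x509 -noout -fingerprint -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

After exporting `P12_PASS`, call `make_selfsigned_p12 ./out mail.example.test mailkey` and run the check functions against `./out` before pointing a service at the files.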