You can generate a private key (and a self-signed certificate) by using the keytool -genkeypair command. For example:
keytool -genkeypair -noprompt -alias self -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname 'CN=hostname.example.com' -validity 365 -keypass password -keystore privatekey.jks -storepass password -storetype JKS
Securing your Java application with an SSL certificate can be extremely important. Fortunately, it is (usually) quite simple to do using Java Keytool. Most situations require that you buy a trusted certificate, but there are many cases when you can generate and use a self signed certificate for free.
When to Use a Keytool Self Signed Certificate
An SSL certificate serves two essential purposes: distributing the public key and verifying the identity of the server so users know they aren't sending their information to the wrong server. It can only properly verify the identity of the server when it is signed by a trusted third party. A self signed certificate is a certificate that is signed by itself rather than a trusted authority. Since any attacker can create a self signed certificate and launch a man-in-the-middle attack, a user can't know whether they are sending their encrypted information to the server or an attacker. Because of this, you will almost never want to use a self signed certificate on a public Java server that requires anonymous visitors to connect to your site. However, self signed certificates have their place:
Never use a self signed certificate on an e-commerce site or any site that transfers valuable personal information like credit cards, social security numbers, etc.
Just keep in mind that visitors will see a warning in their browsers (like the one below) when connecting to a server that uses a self signed certificate until it is permanently stored in their certificate store.
Generate a Self Signed Certificate using Java Keytool
Now that you know when to use a Keytool self signed certificate, let's create one using a simple Java Keytool command:
This will create a keystore.jks file containing a private key and your sparklingly fresh self signed certificate. Now you just need to configure your Java application to use the .jks file. If you are using Tomcat, you can follow our Tomcat SSL Installation Instructions.
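To check which entries in a keystore are self-signed, the following added example (not part of the original article) parses the text printed by keytool -list -v and flags entries whose Owner equals their Issuer, along with RSA keys under 2048 bits and MD5 or SHA-1 signatures. The function names, the thresholds and the sample listing are assumptions made for this illustration, and the line format assumes a recent JDK.

```sh
# Added example: audit the text printed by keytool -list -v (read from stdin).
# Real use: keytool -list -v -keystore privatekey.jks | audit_keystore_listing
# Prints "<alias> <self-signed|ca-signed> <sigalg> <bits>[ flags]" per entry (leaf cert only).
audit_keystore_listing() {
  awk '
    function emit(   kind, notes) {
      if (alias == "") return
      # Self-issued heuristic: subject DN (Owner) equals issuer DN.
      kind = (owner != "" && owner == issuer) ? "self-signed" : "ca-signed"
      notes = ""
      if (bits != "" && key ~ /RSA/ && bits + 0 < 2048) notes = notes " weak-key"
      if (sig ~ /^(MD5|SHA1)with/) notes = notes " weak-sigalg"
      printf "%s %s %s %s%s\n", alias, kind, sig, (bits == "" ? "?" : bits + 0), notes
    }
    /^Alias name: / { emit(); alias = substr($0, 13); owner = issuer = sig = bits = key = ""; next }
    /^Owner: /  && owner == ""  { owner = substr($0, 8); next }
    /^Issuer: / && issuer == "" { issuer = substr($0, 9); next }
    /^Signature algorithm name: / && sig == "" { sig = $4; next }
    /^Subject Public Key Algorithm: / && bits == "" { bits = $5; key = $6; next }
    END { emit() }
  '
}

# Constructed sample listing (not real keystore output); aliases and DNs are made up.
sample_listing() {
  cat <<'EOF'
Alias name: self
Owner: CN=hostname.example.com
Issuer: CN=hostname.example.com
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Alias name: legacy
Owner: CN=old.example.com
Issuer: CN=old.example.com
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Alias name: web
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Example Issuing CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
EOF
}

sample_listing | audit_keystore_listing
```

Matching Owner and Issuer shows the certificate is self-issued, which is how keytool-generated self-signed certificates appear; it does not verify the signature itself.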
For more information on creating a Java Keytool Self Signed Certificate, see the following links:
Originally posted on Sat Oct 30, 2010
To Generate a Certificate by Using keytool
By default, the keytool utility creates a keystore file in the directory where the utility is run.
Before You Begin
To run the keytool utility, your shell environment must be configured so that the J2SE /bin directory is in the path; otherwise the full path to the utility must be present on the command line.
Example 11–10 Creating a Self-Signed Certificate in a JKS Keystore by Using an RSA Key Algorithm
RSA is public-key encryption technology developed by RSA Data Security, Inc.
Example 11–11 Creating a Self-Signed Certificate in a JKS Keystore by Using a Default Key Algorithm
Example 11–12 Displaying Available Certificates From a JKS Keystore
Example 11–13 Displaying Certificate information From a JKS Keystore
See Also
For more information about keytool, see the keytool reference page.