How to create self-signed root certificate and intermediate CA to be imported in Java keystore?
We will use this for SSL and TLS, and later for Client certificate based CLIENT-AUTH authentication.
Using OpenSSL and KeyTool.
How to create self-signed root certificate and intermediate CA to be imported in Java keystore?
We will use this for SSL and TLS, and later for Client certificate based CLIENT-AUTH authentication.
Using OpenSSL and KeyTool.
Just a side note for anyone wanting to generate a chain and a number of certificates. Refining @EpicPandaForce's own answer, here's a script that creates a root CA in
root-ca/
, an intermediate CA inintermediate/
and three certificates toout/
, each signed with the intermediate CA.Based on the following guide, special thanks to Jamie Nguyen for making a guide which made this possible, thank you!
By following the guide on https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/ do the following :
Install OpenSSL for Windows: http://slproweb.com/products/Win32OpenSSL.html
Add the
bin
folder to the environment variablePATH
Create a directory for the certificates, I will call this
cert-test
Use the following
openssl.cfg
data for the [ CA_default ] tag:this
create the directories in
cert_test
:certs crl newcerts private
use following commands to create
Root CA:
create folder
intermediate
create folders
certs crl newcerts private
create file
index.txt
create file
serial
and write a number into it like1000
execute following
commands:
cat
:keytool
:And you might have to import the CA cert into the ia.jks.