Creating a Custom Keystore with Self-Signed Certificates

Perform this procedure if your organization does not have policies and procedures in place regarding the generation and use of digital certificates and certificate chains, including the use of certificates signed by a CA, but you want to generate a self-signed certificate and import it into the keystore and truststore.

  1. Create a new keystore with a self-signed certificate.
    1. Run the following command, and provide the keystore password (for example, manage) and the other required details to generate a new key and store it in the specified keystore https_keystore.jks.
      keytool -genkey -v -keystore https_keystore.jks -alias HTTPS_KEYSTORE -keyalg RSA -keysize 2048 -validity 10000

      Example (image: Create keystore)
    2. Run the following command and provide the keystore password (for example, manage) to export the certificate from the keystore https_keystore, and place it in a specified location.
      keytool -exportcert -v -alias HTTPS_KEYSTORE -file Installation_Dir\common\conf\https_gateway.cer -keystore Installation_Dir\common\conf\https_keystore.jks

      Example (image: Export keystore)

      The certificate https_gateway.cer is exported from the keystore https_keystore and placed in the location Installation_Dir\common\conf\.

  2. Create a truststore and import the generated certificate.
    1. Run the following command to create a truststore file and import the generated certificate into the truststore file.
      keytool -importcert -alias HTTPS_TRUSTSTORE -file Installation_Dir\common\conf\https_gateway.cer -keystore Installation_Dir\common\conf\https_truststore.jks

      Example (image: Create truststore file)

      A truststore file https_truststore.jks is created with the imported certificate.

      You can now view the keystore and truststore files created and located at Installation_Dir\common\conf\.
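
A check you can run after the procedure, given here as an added example that is not part of the original documentation: it confirms that the truststore holds exactly the certificate generated in the keystore, and that only the keystore entry carries a private key. It assumes keytool is on PATH, both stores use one password held in the KS_PASS environment variable, and $ConfDir stands in for the Installation_Dir\common\conf placeholder; the function names are hypothetical.

```powershell
# Added example, not vendor code. Assumptions: keytool is on PATH, both stores share
# one password held in the KS_PASS environment variable, and $ConfDir stands in for
# the page's Installation_Dir\common\conf placeholder.
$ConfDir    = 'Installation_Dir\common\conf'
$Keystore   = Join-Path $ConfDir 'https_keystore.jks'
$Truststore = Join-Path $ConfDir 'https_truststore.jks'

function Invoke-Keytool {
    param([string[]]$KeytoolArgs)
    # -storepass:env reads the password from KS_PASS, keeping it off the command line.
    # -J-Duser.language=en forces English output so entry-type names can be matched.
    $out = & keytool '-J-Duser.language=en' @KeytoolArgs '-storepass:env' 'KS_PASS'
    if ($LASTEXITCODE -ne 0) { throw "keytool failed: $($KeytoolArgs -join ' ')" }
    $out
}

function Get-CertSha256 {
    param([string]$Store, [string]$Alias)
    # -rfc prints the certificate as PEM on stdout instead of writing a file.
    $pem = Invoke-Keytool @('-exportcert', '-rfc', '-alias', $Alias, '-keystore', $Store)
    # Keep only the base64 body lines of the PEM block, then hash the DER bytes.
    $b64 = ($pem | Where-Object { $_ -match '^[A-Za-z0-9+/=]+$' }) -join ''
    $der = [Convert]::FromBase64String($b64)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { ($sha.ComputeHash($der) | ForEach-Object { $_.ToString('X2') }) -join ':' }
    finally { $sha.Dispose() }
}

function Get-EntryType {
    param([string]$Store, [string]$Alias)
    $out = (Invoke-Keytool @('-list', '-alias', $Alias, '-keystore', $Store)) -join "`n"
    if ($out -match 'PrivateKeyEntry') { 'PrivateKeyEntry' }
    elseif ($out -match 'trustedCertEntry') { 'trustedCertEntry' }
    else { 'unknown' }
}

$ksFp = Get-CertSha256 $Keystore 'HTTPS_KEYSTORE'
$tsFp = Get-CertSha256 $Truststore 'HTTPS_TRUSTSTORE'
"Keystore   SHA-256: $ksFp"
"Truststore SHA-256: $tsFp"
if ($ksFp -ne $tsFp) { throw 'Truststore certificate does not match the keystore certificate.' }
if ((Get-EntryType $Keystore 'HTTPS_KEYSTORE') -ne 'PrivateKeyEntry') {
    throw 'Keystore alias HTTPS_KEYSTORE does not hold a private key entry.'
}
if ((Get-EntryType $Truststore 'HTTPS_TRUSTSTORE') -ne 'trustedCertEntry') {
    throw 'Truststore alias HTTPS_TRUSTSTORE should hold a certificate only, with no private key.'
}
'OK: truststore trusts the keystore certificate and contains no private key.'
```

The printed SHA-256 value is the fingerprint to compare out of band before importing https_gateway.cer into a truststore on any other machine.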