Skip to content

Instantly share code, notes, and snippets.

@Koriit

Koriit/java keystore + truststore

Created October 23, 2020 11:52
Show Gist options
  • Save Koriit/b877406f5eead0b6dce5295785f92444 to your computer and use it in GitHub Desktop.
Save Koriit/b877406f5eead0b6dce5295785f92444 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
java keystore + truststore
CA
openssl genrsa -aes256 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.crt
truststore.jks
keytool -keystore truststore.jks -alias rootca -import -file rootCA.crt
openssl signing
openssl genrsa -aes256 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 3650 -sha256 -out server.crt
or (if serial file exists)
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAserial rootCA.srl -days 3650 -out server.crt
keytool signing + keystore.jks
keytool -genkey -alias server -keyalg RSA -keystore server_keystore.jks -keysize 2048
keytool -keystore server_keystore.jks -alias server -certreq -file server.csr
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 3650 -sha256 -out server.crt
or (if serial file exists)
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAserial rootCA.srl -days 3650 -out server.crt
keytool -keystore server_keystore.jks -alias rootCA -import -file rootCA.crt
keytool -keystore server_keystore.jks -alias server -import -file server.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment