@jamesnguyen101
Last active January 14, 2019 10:03
ssl with self-signed cert
## PA 1: Import the certificate into the Java Store
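# note: this changes the JVM-wide trust store, so every application on this JVM will trust the certificate
keytool -import -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file "$CERT_FILE" -storepass "changeit" -alias "$ALIAS"
## PA 2: run java app with arguments
# the trust store file and password must match the ones created in the SSL guide below ($JKS_FILE, $PASS)
# note: that keystore also holds the private key; a client trust store only needs the certificate
java -Djavax.net.ssl.trustStore="$JKS_FILE" -Djavax.net.ssl.trustStorePassword="$PASS" Get https://selfsigned.my-domain.com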
## PA 3: custom code
...
############################################ SSL guide
PEM_FILE=my-domain.pem
JKS_FILE=my-domain.jks
P12_FILE=my-domain.p12
CSR_FILE=my-domain.csr
KEY_FILE=my-domain.key
CERT_FILE=my-domain.cert
DOMAIN=my-domain.com
PASS=ab#1234
## create self-signed certificate
openssl genrsa -out $KEY_FILE 2048
openssl req -new -out $CSR_FILE -key $KEY_FILE
openssl x509 -req -days 365 -in $CSR_FILE -signkey $KEY_FILE -out $CERT_FILE
## Convert the certificate and private key to PKCS 12
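# when prompted for an export password, enter the value of $PASS: the keytool step below opens this file with -srcstorepass $PASS
openssl pkcs12 -export -in $CERT_FILE -inkey $KEY_FILE -name $DOMAIN -out $P12_FILE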
## Convert the pkcs12 to pem file
openssl pkcs12 -in $P12_FILE -out $PEM_FILE
## Convert the pkcs12 file to a java keystore
keytool -importkeystore -deststorepass $PASS -destkeypass $PASS -destkeystore $JKS_FILE -srckeystore $P12_FILE -srcstoretype PKCS12 -srcstorepass $PASS -alias $DOMAIN
## convert PKCS 12 file to cert file and key|pem file
# convert to cert file
openssl pkcs12 -in $P12_FILE -out newfile.cert -clcerts -nokeys
# convert to key|pem file (-nodes writes the private key unencrypted, so restrict access to newfile.key)
openssl pkcs12 -in $P12_FILE -out newfile.key -nocerts -nodes
############################################# Java code test
import java.net.URL;

public class Get
{
    public static void main( String[] args ) throws Exception
    {
        try
        {
            new URL( args[0] ).openConnection().getInputStream();
            System.out.println( "Succeeded." );
        }
        catch( javax.net.ssl.SSLHandshakeException e )
        {
            System.out.println( "SSL exception." );
        }
    }
}
## run
javac Get.java
java Get https://selfsigned.my-domain.com