Generating a self-signed SSL certificate using the Java keytool command (2004193)
A certificate generated using the Java keytool command is compatible with products such as Apache Tomcat, vFabric tc Server and Eclipse Virgo and can be used to provide secure encrypted communications.
This article provides steps to generate a self-signed SSL certificate using the Java keytool command.
To generate a self-signed SSL certificate using the keytool command on Windows, Mac, or Linux:
- Open a command prompt or terminal.
Run this command:
keytool -genkey -keyalg RSA -alias tomcat -keystore selfsigned.jks -validity <days> -keysize 2048
Where <days> indicate the number of days for which the certificate will be valid.
- Enter a password for the keystore. Note this password as you require this for configuring the server.
- When prompted for first name and last name, enter the domain name of the server. For example, myserver or myserver.mycompany.com.
- Enter the other details, such as Organizational Unit, Organization, City, State, and Country.
- Confirm that the information entered is correct.
- When prompted with Enter key password for <tomcat>, press Enter to use the same password as the keystore password.
- Run this command to verify the contents of the keystore:
keytool -list -v -keystore selfsigned.jks
- When prompted, enter the keystore password note in Step 3. The basic information about the generated certificate is displayed. Verify that the Owner and Issuer are the same. Also, you should see the information you provided in Step 4 and 5.