
Creating Self-Signed SSL Certificates

genkey (Linux)

The genkey command allows you to generate certificate and key file pairs directly from the command line.

If they are not already installed, install the mod_ssl, openssl and crypto-utils packages.

# yum install mod_ssl openssl crypto-utils

The genkey command can generate a certificate request or a new self-signed certificate. The following command creates a self-signed certificate for the specified machine.

# genkey --makeca rhce1.localdomain

The certificate and key file are created in the following locations respectively.

# ls /etc/pki/CA/
certs  crl  newcerts  private  rhce1.localdomain
# ls /etc/pki/CA/private/
rhce1.localdomain
#

keytool (Java)

The keytool utility is present as part of the Java Runtime Environment (JRE), either in the standalone JRE installation, or under the "jre" directory of the JDK installation.

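The following commands create a keystore containing a self-signed certificate. The passwords are passed on the command line here, which leaves them visible in the shell history and the process list; keytool prompts for them if -storepass and -keypass are omitted.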

$ mkdir ~/keystore
$ cd ~/keystore
$ export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64
$ $JAVA_HOME/jre/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
   -storepass password1 -validity 360 -keysize 2048 -keypass password1

The utility asks you to provide information in the following format.

What is your first and last name?
  [Unknown]:  Tim Hall
What is the name of your organizational unit?
  [Unknown]:  Example Department
What is the name of your organization?
  [Unknown]:  Example Company
What is the name of your City or Locality?
  [Unknown]:  Birmingham
What is the name of your State or Province?
  [Unknown]:  West Midlands
What is the two-letter country code for this unit?
  [Unknown]:  GB
Is CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB correct?
  [no]:  yes

Enter key password for <selfsigned>
	(RETURN if same as keystore password):  
$

Alternatively, you can provide the answers directly on the command line.

$ $JAVA_HOME/jre/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
   -dname "CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB" \
   -storepass password1 -validity 360 -keysize 2048 -keypass password1

The following command checks the contents of the keystore.

$ $JAVA_HOME/jre/bin/keytool -list -v -keystore keystore.jks -storepass password1
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: selfsigned
Creation date: Feb 9, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB
Issuer: CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB
Serial number: 51165df7
Valid from: Sat Feb 09 14:32:23 GMT 2013 until: Tue Feb 04 14:32:23 GMT 2014
Certificate fingerprints:
	 MD5:  DA:FF:F9:0B:EF:2D:26:DA:E9:48:22:1A:6E:7F:42:DF
	 SHA1: 46:8B:E7:DC:6B:95:69:34:85:43:A3:F7:C2:63:3B:29:F7:BD:9C:AD
	 Signature algorithm name: SHA1withRSA
	 Version: 3


*******************************************
*******************************************


$
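
The listing above shows two things worth checking before a keystore is deployed: Owner equals Issuer (self-signed) and the signature uses SHA-1. The following script is an added example, not part of the original article, that flags both from `keytool -list -v` output; the function names and the second "casigned" sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag properties in
# `keytool -list -v` output that matter before a keystore is deployed.

# Sample listing: the first entry reuses fields from the article's output;
# the "casigned" entry and its CA are constructed for contrast.
sample_listing() {
cat <<'EOF'
Alias name: selfsigned
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB
Issuer: CN=Tim Hall, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB
  Signature algorithm name: SHA1withRSA

Alias name: casigned
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=app.example.test, O=Example Company, C=GB
Issuer: CN=Example Internal CA, O=Example Company, C=GB
  Signature algorithm name: SHA256withRSA
Certificate[2]:
Owner: CN=Example Internal CA, O=Example Company, C=GB
Issuer: CN=Example Internal CA, O=Example Company, C=GB
  Signature algorithm name: SHA256withRSA
EOF
}

# Reads a listing on stdin, prints one finding per line for each entry's
# leaf certificate, and returns non-zero when anything was flagged.
audit_keytool_listing() {
  awk '
    { sub(/[ \t\r]+$/, "") }                 # tolerate trailing blanks and CR
    /^Alias name: /     { alias = substr($0, 13); leaf = 1 }
    /^Certificate\[/    { leaf = ($0 == "Certificate[1]:") }
    /^Owner: /          { owner = substr($0, 8) }
    leaf && /^Issuer: / { if (substr($0, 9) == owner) {
                            print alias ": self-signed (Owner equals Issuer)"; bad = 1 } }
    leaf && /Signature algorithm name: / {
      sub(/^.*Signature algorithm name: /, "")
      if ($0 ~ /^(SHA1|MD5|MD2)with/) { print alias ": weak signature hash " $0; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

sample_listing | audit_keytool_listing || true
```

Against a real keystore, pipe the output of the `keytool -list -v` command shown above into `audit_keytool_listing`.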


Hope this helps. Regards Tim...
