- Generate a private key
- Generate a self-signed certificate (.crt) with that private key
- Extract the public key from the certificate
- Sign a file with the private key and verify the signature with the public key
- Import the private key and certificate into a Java keystore

1. Generate a private key
openssl genrsa -out private.key 1024
2. Generate certificate
openssl req -new -x509 -days 365 -key private.key -out certificate.crt
This produces a self-signed certificate that can be distributed for testing.
3. Extract public key from certificate
openssl x509 -in certificate.crt -pubkey > public.key
This writes both the public key and the certificate to public.key. Edit the file to remove the certificate block and leave only the public key. (Adding -noout to the command prints only the public key, which avoids the manual edit.)
4. Sign a file with the private key
openssl dgst -sha1 -sign private.key -out file_to_sign.sha1 file_to_sign
5. Verify the signature with the public key
openssl dgst -sha1 -verify public.key -signature file_to_sign.sha1 file_to_sign
6. Import the private key and certificate into a Java keystore
First, generate a PKCS#12 (.p12) file:
openssl pkcs12 -export -in certificate.crt -inkey private.key > server.p12
Then import it into the keystore:
keytool -importkeystore -srckeystore server.p12 -destkeystore keystore.jks -srcstoretype pkcs12
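
Steps 1 to 5 as one non-interactive script, added here as an example (it is not part of the original page): it also checks that the extracted public key belongs to the private key and that a modified file fails verification. The function names, the subject CN=test.example, the .sig suffix, and the choice of a 2048-bit key with SHA-256 (in place of the page's 1024-bit key and SHA-1) are assumptions of this example.

```shell
#!/bin/sh
# Added example: steps 1-5 run non-interactively in a scratch directory.
# Assumptions (not from the page): 2048-bit RSA, SHA-256, subject CN=test.example.

# make_test_identity DIR: private key, self-signed cert, public key from the cert.
make_test_identity() {
    dir=$1
    openssl genrsa -out "$dir/private.key" 2048 2>/dev/null || return 1
    # -subj skips the interactive prompts of `openssl req`.
    openssl req -new -x509 -days 365 -key "$dir/private.key" \
        -subj "/CN=test.example" -out "$dir/certificate.crt" || return 1
    # -noout suppresses the certificate, so public.key holds only the key.
    openssl x509 -in "$dir/certificate.crt" -pubkey -noout > "$dir/public.key"
}

# key_matches_cert DIR: succeeds if the cert's public key derives from private.key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1/private.key" -pubout 2>/dev/null)
    from_cert=$(cat "$1/public.key")
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# sign_file DIR FILE: writes the signature to FILE.sig.
sign_file() { openssl dgst -sha256 -sign "$1/private.key" -out "$2.sig" "$2"; }

# verify_file DIR FILE: exit status 0 only if FILE.sig is valid for FILE.
verify_file() {
    openssl dgst -sha256 -verify "$1/public.key" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# roundtrip: prints "ok" only if the untouched file verifies
# and the same file is rejected after it has been modified.
roundtrip() {
    work=$(mktemp -d) || return 1
    printf 'constructed sample content\n' > "$work/file_to_sign"
    result=fail
    if make_test_identity "$work" && key_matches_cert "$work" \
        && sign_file "$work" "$work/file_to_sign" \
        && verify_file "$work" "$work/file_to_sign"; then
        printf 'tampered\n' >> "$work/file_to_sign"
        verify_file "$work" "$work/file_to_sign" || result=ok
    fi
    rm -rf "$work"
    echo "$result"
}

roundtrip
```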