Tuesday, 6 December 2011

Keystore for TLS/SSL #3

Create ca.pem/ca_pk.pem for HTTPS

openssl req -x509 -new -config openssl.cfg -days 365 -out ./new/ca.pem -keyout ./new/ca_pk.pem
Pass: 123456

ca.pem
ca_pk.pem

========
Create keystore:
keytool -import -alias certificatekey -file ca.pem -keystore catruststore.jks

========
Convert for Apache
openssl rsa -in ./new/ca_pk.pem -out ./new/ca_pk.key
Got ca_pk.key (key file for Apache; this copy of the private key is no longer passphrase-protected)

openssl x509 -x509toreq -days 365 -in ./new/ca.pem -signkey ./new/ca_pk.key -out ./new/ca.req
Got ca.req (certificate request to be signed)

openssl x509 -in ./new/ca.req -out ./new/ca.cert -req -signkey ./new/ca_pk.key -days 365
Got ca.cert (certificate for Apache)

================
Create keystore:
keytool -import -alias certificatekey -file ca.cert -keystore catruststore-cert.jks

================
Create cert for browser
There are 3 choices:

1. Directly load from browser.

2. openssl x509 -inform PEM -in ./new/ca.pem -outform DER -out ./new/ca.cer

3. openssl x509 -inform PEM -in ./new/ca.cert -outform DER -out ./new/ca1.cer
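
The openssl steps above as one non-interactive script, followed by the checks worth running on the results. This is an added example, not part of the original post. Assumptions: `-subj`, `-newkey rsa:2048` and `-passout env:` stand in for the post's openssl.cfg and typed passphrase, and the helper function names, subject and passphrase are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post; the
# subject, passphrase and temp directory are constructed for the demo.
set -e

# build_demo DIR: run the post's openssl steps non-interactively inside DIR.
build_demo() {
    (
        cd "$1"
        umask 077   # key files readable by the owner only
        DEMO_PASS='constructed-demo-passphrase'; export DEMO_PASS
        openssl req -x509 -new -newkey rsa:2048 -days 365 -subj '/CN=demo.example' \
            -passout env:DEMO_PASS -out ca.pem -keyout ca_pk.pem 2>/dev/null
        openssl rsa -in ca_pk.pem -passin env:DEMO_PASS -out ca_pk.key 2>/dev/null
        openssl x509 -x509toreq -in ca.pem -signkey ca_pk.key -out ca.req 2>/dev/null
        openssl x509 -req -in ca.req -signkey ca_pk.key -days 365 -out ca.cert 2>/dev/null
        openssl x509 -inform PEM -in ca.pem  -outform DER -out ca.cer
        openssl x509 -inform PEM -in ca.cert -outform DER -out ca1.cer
    )
}

# key_is_encrypted FILE: succeeds if the PEM private key is passphrase-protected.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED)' "$1"
}

# key_matches_cert KEY CERT: succeeds if key and certificate share one RSA modulus.
key_matches_cert() {
    [ "$(openssl rsa -noout -modulus -in "$1")" = "$(openssl x509 -noout -modulus -in "$2")" ]
}

# fingerprint FILE FORM: SHA-256 fingerprint of a certificate; FORM is PEM or DER.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -inform "$2" -in "$1" | cut -d= -f2
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for k in ca_pk.pem ca_pk.key; do
    if key_is_encrypted "$demo_dir/$k"; then state=encrypted; else state=UNENCRYPTED; fi
    echo "$k: $state"
done
for c in ca.pem ca.cert; do
    key_matches_cert "$demo_dir/ca_pk.key" "$demo_dir/$c" && echo "$c matches ca_pk.key"
done
echo "ca.cer  $(fingerprint "$demo_dir/ca.cer" DER)"
echo "ca1.cer $(fingerprint "$demo_dir/ca1.cer" DER)"
rm -rf "$demo_dir"
```

ca.cer and ca1.cer share one key but have different fingerprints, so compare the fingerprint shown in the browser against the certificate file actually configured in Apache.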
