Creating a Self-Signed Certificate and a Private Key

Use the keytool utility to create a keystore file that contains a private key and a self-signed certificate that holds a public key.

Note

To replace an expired self-signed certificate, delete the existing keystore file, follow the procedure in this topic to create a new self-signed certificate, and then configure SSL on the Tomcat server. However, before you replace an expired self-signed certificate, you must back up your old keystore and server.xml files.

Procedure

  1. Run the following command from the C:\Program Files\Java\java_version\bin folder after substituting the parameter values.

    The command can be run from %JAVA_HOME%\bin if the %JAVA_HOME% environment variable is set.

    keytool -genkey -keyalg RSA -alias <aliasName> -keystore <file_path\keystoreFilename.jks> -validity <daysValid> -keysize 2048

    The following table describes the parameters for the keytool command:

    Parameter   Description of Parameter Values
    alias       The alias name for the certificate.
    keystore    The file path and file name for the .jks file created by keytool.
    validity    The number of days the self-signed certificate in the keystore is valid, counted from the day it is created.

    Example

    keytool -genkey -keyalg RSA -alias selfsigned -keystore "C:\mykeystore.jks" -validity 365 -keysize 2048

  2. When prompted, enter the information requested by the keytool command.

  3. Make note of the following values:

    • name and location of the keystore file

    • alias name

    • keystore password

    • key password

    Use these values to create the SP metadata XML file. For information, see Configuring Provider Metadata for SAML Integration.
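The following PowerShell script is an added example, not part of the original topic, that runs the three steps above non-interactively and then checks the result. It assumes JAVA_HOME is set; the keystore path, certificate path, alias and distinguished name are placeholders to replace. It uses -genkeypair, which is the current name of the -genkey command shown above, supplies the identity fields with -dname instead of answering prompts, and passes the passwords through environment variables (keytool's -storepass:env and -keypass:env form) so they do not appear on the command line. After creating the keystore it exports the public certificate, verifies the validity window and key size with .NET, and prints the values to note for the SP metadata, including the Base64 DER string that the metadata's X509Certificate element carries.

```powershell
# Added example (not from the original topic): create the self-signed keystore,
# then verify it and extract the values needed for the SP metadata.
# Assumes JAVA_HOME is set. Paths, alias and the distinguished name are placeholders.

if (-not $env:JAVA_HOME) { throw 'JAVA_HOME is not set; point it at the JDK or JRE install folder.' }
$Keytool      = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
$KeystorePath = 'C:\mykeystore.jks'      # placeholder
$CertPath     = 'C:\mykeystore.cer'      # placeholder: DER-encoded public certificate
$Alias        = 'selfsigned'             # placeholder
$DaysValid    = 365
$DName        = 'CN=sp.example.com, OU=IT, O=Example Corp, L=Springfield, ST=IL, C=US'  # placeholder identity

# Never overwrite silently: the Note above says to back up and delete the old keystore first.
if (Test-Path $KeystorePath) {
    throw "Keystore $KeystorePath already exists; back it up and delete it before creating a new one."
}

# Prompt for the passwords and hand them to keytool via environment variables
# (-storepass:env / -keypass:env) so they never appear in the process command line.
$storeSecure = Read-Host -Prompt 'Keystore password' -AsSecureString
$keySecure   = Read-Host -Prompt 'Key password (Enter to reuse the keystore password)' -AsSecureString
$env:KS_STOREPASS = [System.Net.NetworkCredential]::new('', $storeSecure).Password
$env:KS_KEYPASS   = [System.Net.NetworkCredential]::new('', $keySecure).Password
if (-not $env:KS_KEYPASS) { $env:KS_KEYPASS = $env:KS_STOREPASS }

try {
    # -genkeypair is the current name of -genkey; -dname supplies the identity
    # fields that keytool would otherwise prompt for (step 2 of the procedure).
    & $Keytool -genkeypair -keyalg RSA -keysize 2048 -alias $Alias `
        -keystore $KeystorePath -validity $DaysValid -dname $DName `
        '-storepass:env' KS_STOREPASS '-keypass:env' KS_KEYPASS
    if ($LASTEXITCODE -ne 0) { throw "keytool -genkeypair failed (exit code $LASTEXITCODE)" }

    # Export the public certificate (DER) so it can be inspected without the keystore password.
    & $Keytool -exportcert -alias $Alias -keystore $KeystorePath -file $CertPath `
        '-storepass:env' KS_STOREPASS
    if ($LASTEXITCODE -ne 0) { throw "keytool -exportcert failed (exit code $LASTEXITCODE)" }
}
finally {
    # Clear the passwords from the environment whether or not keytool succeeded.
    Remove-Item Env:KS_STOREPASS, Env:KS_KEYPASS -ErrorAction SilentlyContinue
}

# Verify the exported certificate with .NET: validity window, key size, fingerprint.
$cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -le 0) { throw "Certificate is already expired (NotAfter $($cert.NotAfter))" }

# Extension methods are not callable as instance methods in PowerShell, so call it statically.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($rsa.KeySize -lt 2048) { throw "Key size is $($rsa.KeySize) bits; expected at least 2048" }

$sha256      = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = ($sha256.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'

# Step 3: the values to note for the SP metadata.
Write-Host "Keystore file   : $KeystorePath"
Write-Host "Alias           : $Alias"
Write-Host "Subject         : $($cert.Subject)"
Write-Host "Valid until     : $($cert.NotAfter) ($daysLeft days left)"
Write-Host "SHA-256         : $fingerprint"

# Base64 of the DER certificate is the value carried by the X509Certificate element in SP metadata.
$base64 = [Convert]::ToBase64String($cert.RawData)
Write-Host "X509Certificate (Base64 DER, for the SP metadata):`n$base64"
```

Run the script from an elevated PowerShell prompt if the keystore is written under a protected folder. Newer keytool versions print a warning that JKS is a proprietary format and suggest migrating to PKCS12; the keystore is still created and the procedure continues unchanged.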

What to Do Next

Configuring the SSL Connector for Tomcat Server
