Technical Information on SSL


How to create self signed certificates for testing purposes:

Use OpenSSL to create self-signed certificates in the following manner:

  • Create a self-signed certificate containing a certificate and a private key. You will be prompted to enter some information like state, company name, etc.
  • The “common name” is essential for this step. This can be the FQDN or the machine NetBIOS name.

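How to create an X.509 certificate and private key pair (base64-encoded PEM). The -nodes option writes the private key without a passphrase, so restrict read access to server.pem: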

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.pem -out server.pem -sha256

openssl dhparam -2 -outform PEM -out dh2048.pem 2048

How to add a certificate to a keystore:

keytool.exe -import -trustcacerts -keystore keystore -alias tomcat -file server.pem

Converting a PKCS12 package into a server.pem for Jedox

A PKCS12 package contains the certificates, the root chain, the root certificate and the private key (if selected in the extract).

PKCS12 unpack:

openssl pkcs12 -in cert.p12 -clcerts -nokeys -out cert.pem
openssl pkcs12 -in cert.p12 -cacerts -nokeys -out root.pem
openssl pkcs12 -in cert.p12 -nocerts -out private-key.pem

Remove the password from the private key (only if the private key is encrypted with a password):

openssl rsa -in private-key.pem -out priv.key

SERVER.PEM creation on Linux:

cat cert.pem > server.pem
cat priv.key >>server.pem
cat root.pem >>server.pem

SERVER.PEM creation on Windows:

copy cert.pem+priv.key+root.pem server.pem

Converting a PKCS7 package into a server.pem for Jedox

A PKCS7 package contains the certificates, the root chain and the root certificate (if selected in the extract). It does not contain the private key.

PKCS7 unpack:

openssl pkcs7 -inform DER -outform PEM -in certificate.p7b -print_certs > certificate_bundle.cer

Create server.pem:

  • Create a new file and name it server.pem.
  • Copy the content of certificate_bundle.cer and your private key (not part of the PKCS7 bundle) into the server.pem file.

How to check if the private key matches the certificate:

Run the following command to print an MD5 digest of the certificate's modulus:

openssl x509 -noout -modulus -in cert.pem | openssl md5

The output is a digest of the modulus, something like a77c7953ea5283056a0c9ad75b274b96

Run the following command to print an MD5 digest of the private key's modulus:

openssl rsa -noout -modulus -in priv.key | openssl md5

If the key belongs to the certificate, this digest is the same as the certificate digest above, i.e. a77c7953ea5283056a0c9ad75b274b96. The MD5 value is used here only to shorten the modulus for comparison. This check applies to RSA keys.
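
The same check can be run against the assembled server.pem itself. The script below is an added example, not part of the original page or of Jedox. It generalizes the modulus comparison by comparing public keys, so it also works for non-RSA keys, and it reports a missing or still password-protected private key. The function names check_bundle and make_sample and the sample file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Jedox code): check that a server.pem bundle contains a
# certificate and the matching, unencrypted private key.
# check_bundle and make_sample are hypothetical helper names.

check_bundle() {
    bundle=$1
    # First certificate in the bundle -> its public key (SubjectPublicKeyInfo PEM).
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate found"; return 2; }
    # Private key -> derived public key. "-passin pass:" supplies an empty
    # password, so an encrypted key fails instead of prompting.
    key_pub=$(openssl pkey -in "$bundle" -pubout -passin pass: 2>/dev/null) ||
        { echo "no unencrypted private key found"; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 1; }
    echo "ok"
}

# Constructed sample data: two throwaway self-signed pairs (a and b).
make_sample() {
    dir=$1
    for n in a b; do
        openssl req -x509 -nodes -days 1 -newkey rsa:2048 -sha256 \
            -subj "/CN=$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.crt" 2>/dev/null || return 1
    done
    cat "$dir/a.crt" "$dir/a.key" > "$dir/good.pem"      # matching pair
    cat "$dir/a.crt" "$dir/b.key" > "$dir/mismatch.pem"  # key from the other pair
    cp "$dir/a.crt" "$dir/nokey.pem"                     # private key missing
}

tmp=$(mktemp -d)
make_sample "$tmp"
for f in good mismatch nokey; do
    printf '%s.pem: %s\n' "$f" "$(check_bundle "$tmp/$f.pem")"
done
```

check_bundle returns 0 for a usable bundle, 1 for a key mismatch, 2 when no certificate is found and 3 when no unencrypted private key is found.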

 

Attention!!

The content of mentioned commands has been compiled with meticulous care and to the best of our knowledge.
However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the commands or pages.
