How to create self signed certificates for testing purposes:
- Create a self-signed certificate containing a certificate and a private key. You will be prompted to enter some information like state, company name, etc.
- The “common name” is essential for this step. This can be the FQDN or the machine NetBIOS name.
How to create a x509 certificate and privatekey pair (base64) encrypted:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.pem -out server.pem -sha256
openssl dhparam -2 -outform PEM -out dh2048.pem 2048
How to add a certificate to a keystore:
keytool.exe -import -trustcacerts -keystore keystore -alias tomcat -file server.pem
Converting a PKCS12 package into a server.pem for Jedox
A PKCS12 contains certificates + root chain + root certificate and the privatekey (if selected in the extract).
openssl pkcs12 -in cert.p12 -clcerts -nokeys -out cert.pem
openssl pkcs12 -in cert.p12 -cacerts -nokeys -out root.pem
openssl pkcs12 -in cert.p12 -nocerts -out private-key.pem
PRIVATEKEY remove password (only if privatekey is encoded with a password):
openssl rsa -in private-key.pem -out priv.key
SERVER.PEM creation on Linux:
cat cert.pem > server.pem
cat priv.key >>server.pem
cat root.pem >>server.pem
SERVER.PEM creation on Windows:
copy cert.pem+priv.key+root.pem server.pem
Converting a PKCS7 package into a server.pem for Jedox
A PKCS7 contains certificates + root chain + root certificate (if selected in the extract).
openssl pkcs7 -inform DER -outform PEM -in certificate.p7b -print_certs > certificate_bundle.cer
- create new file and name it server.pem
- copy content of certificate_bundle.cer and your privatekey (not part of the PKCS7 bundle) into the server.pem file.
How to check if the private key matches the certificate:
Please follow the below command to view the modulus of the certificate.
openssl x509 -noout -modulus -in cert.pem | openssl md5
Now you will receive the modulus something like
Please follow the below command to view the modulus of the private key.
openssl rsa -noout -modulus -in priv.key | openssl md5
Now you should get the modulus as same as certificate modulus above. i.e
The content of mentioned commands has been compiled with meticulous care and to the best of our knowledge.
However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the commands or pages.