Create self-signed certificates using OpenSSL

To create a self-signed certificate using OpenSSL:

  1. Locate the OpenSSL CA.pl file in the bin folder within the OpenSSL folder. This file is required to create a dummy CA certificate file.
  2. Create a temporary directory to store the certificates and navigate to it in the command line.
  3. Run the following command for your operating system. Edit the path as required.
    Linux
    /usr/lib/ssl/misc/CA.pl -newca
    Windows
    C:\OpenSSL-Win32\bin\CA.pl -newca

    This creates demoCA/cacert.pem (CA Certificate) and demoCA/private/cakey.pem (private key).

  4. Run the following command to make a server certificate signing request (CSR):
    openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem

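    When prompted, enter the fully qualified domain name (FQDN) of your server as the Common Name. This must match the host name of the server. Because -keyout and -out name the same file, newreq.pem holds both the private key and the CSR, and -nodes leaves that private key unencrypted.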

  5. Run the following command for your operating system. Edit the path as required.
    Linux
    /usr/lib/ssl/misc/CA.pl -sign
    Windows
    C:\OpenSSL-Win32\bin\CA.pl -sign

    You should have the following files:

    • cacert.pem
    • newreq.pem
    • newcert.pem

  6. Rename the following files:
    • Rename newreq.pem to serverkey.pem.
    • Rename newcert.pem to servercert.pem.
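
The following script is an added example, not part of the original procedure. It checks the renamed files before they are deployed: chain to the dummy CA, key and certificate pairing, Common Name, and key file permissions. It assumes cacert.pem has been copied from demoCA/ into the same directory as serverkey.pem and servercert.pem; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): check the files the steps produce.
# Assumption: serverkey.pem, servercert.pem and cacert.pem are in one directory.

# Print a SHA-256 digest of the public key in a certificate or private key file.
pubkey_digest() {  # usage: pubkey_digest cert|key FILE
    if [ "$1" = cert ]; then
        openssl x509 -in "$2" -noout -pubkey
    else
        openssl pkey -in "$2" -pubout
    fi 2>/dev/null | openssl dgst -sha256
}

# Return 0 if all checks pass; 1-4 identify the first failed check.
check_server_cert() {  # usage: check_server_cert DIR FQDN
    dir=$1 fqdn=$2
    key=$dir/serverkey.pem cert=$dir/servercert.pem ca=$dir/cacert.pem

    # 1. The server certificate must chain to the CA created by CA.pl -newca.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }

    # 2. The key in serverkey.pem must be the one the certificate was issued for.
    [ "$(pubkey_digest cert "$cert")" = "$(pubkey_digest key "$key")" ] ||
        { echo "key/cert match: FAIL"; return 2; }

    # 3. Common Name must equal the server's host name (step 4 of the procedure).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] || { echo "CN '$cn' != '$fqdn': FAIL"; return 3; }

    # 4. -nodes left the key unencrypted, so file permissions are its only protection.
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ] ||
        { echo "serverkey.pem readable by group/others: FAIL"; return 4; }

    echo "all checks passed"
}
```

Call it as `check_server_cert . server.example.test`, replacing the constructed host name with your server's FQDN; `chmod 600 serverkey.pem` clears a failure of the fourth check.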