Generating a Self Signed Certificate Using Keytool - spring-boot-in-practice/repo GitHub Wiki

In this section, you'll learn how to generate a self-signed certificate using JDK's Keytool utility. You can run the following command to create the certificate:

keytool -genkeypair -alias sbip -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore sbip.p12 -validity 3650 -storepass p@ssw0rd

Here is a brief explanation of each part of the command:

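  • genkeypair: generates a key pair (a public key and its private key) together with a self-signed certificate for the public key
  • alias: the alias under which the generated entry is stored in the keystore
  • keyalg: the cryptographic algorithm used to generate the key pair. We've used RSA
  • keysize: the size of the key. We've used a 2048-bit key
  • storetype: the type of the keystore. We've used the PKCS12 format
  • keystore: the file name of the keystore
  • validity: the validity of the certificate in days
  • storepass: the password that protects the keystore. A password given on the command line is recorded in shell history and is visible in the process list; if you omit the option, keytool prompts for it instead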

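When you run the command, keytool asks for the identity details that go into the certificate; pressing Enter accepts the default value Unknown. Note that the sample run below writes to keystore.p12 rather than sbip.p12: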

keytool -genkeypair -alias sbip -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650 -storepass p@ssw0rd
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3,650 days
        for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown

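In the end, we'll have a keystore containing a new key pair and its self-signed SSL certificate. You can use this in your Spring Boot application. Because the certificate is self-signed, browsers and other clients will not trust it until it is added to their trust store.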
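
A non-interactive variant of the command above, as an added example that is not part of the wiki page: it answers the identity prompts with -dname, adds a subject alternative name, keeps the password off the command line, and then checks what was stored. The KS_PASS variable, the CN and SAN values and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumed names: KS_PASS, the -dname
# and SAN values, and the three helper functions.

# Create the key pair without prompts. -dname supplies the identity fields,
# -ext adds the SAN entries TLS clients match the hostname against, and
# -storepass:env makes keytool read the password from $KS_PASS, not argv.
gen_keystore() {   # usage: gen_keystore <keystore-file> <alias>
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
    -storetype PKCS12 -keystore "$1" -validity 3650 \
    -dname "CN=localhost, OU=Dev, O=Example, C=US" \
    -ext "SAN=dns:localhost,ip:127.0.0.1" \
    -storepass:env KS_PASS >/dev/null 2>&1
}

# Print the fields worth checking before the keystore goes into the app.
keystore_summary() {   # usage: keystore_summary <keystore-file> <alias>
  keytool -J-Duser.language=en -list -v -alias "$2" -keystore "$1" \
    -storepass:env KS_PASS 2>/dev/null |
    grep -E '^(Entry type|Owner|Issuer|Valid from|Signature algorithm name):|DNSName|IPAddress'
}

# Succeed only when Owner equals Issuer, i.e. the certificate is self-signed.
is_self_signed() (   # usage: is_self_signed <keystore-file> <alias>
  s=$(keystore_summary "$1" "$2") || exit 1
  owner=$(printf '%s\n' "$s" | sed -n 's/^Owner: //p')
  issuer=$(printf '%s\n' "$s" | sed -n 's/^Issuer: //p')
  [ -n "$owner" ] && [ "$owner" = "$issuer" ]
)

# Direct run: export KS_PASS first, then call the script with "generate".
if [ "${1:-}" = "generate" ] && [ -n "${KS_PASS:-}" ]; then
  gen_keystore sbip.p12 sbip && keystore_summary sbip.p12 sbip
  is_self_signed sbip.p12 sbip && echo "self-signed: yes"
fi
```

The summary should show a PrivateKeyEntry whose Owner and Issuer are identical, which is what marks the certificate as self-signed.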