Index

Table of contents

SSL certificates & the keystore

default keystore location
[JAVA_HOME]/jre/lib/security/cacerts
Create a new keystore:
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Importing certificate:
keytool -keystore cacerts -importcert -noprompt -trustcacerts -storepass changeit -alias [alias] -file certificate.crt
importing .der file:
keytool -import -keystore cacerts -file -storepass changeit -alias [alias] certificate.der
show certificate properties
keytool -printcert -file /path/to/certificate.pem
list certificates:
keytool  -v  -list  -keystore [/path/to/]security/cacerts -storepass changeit
delete certificate
keytool -delete -storepass changeit -keystore cacerts -alias mydomain

Generating a self signed certificate

create key file & crt file
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls/selfsigned.key -out /tmp/tls/selfsigned.crt
more info
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
testing your certificate configuration on a public website
https://digicert.com/help

official TLS certificates

creating a valid keystore for serving up HTTPS
cat *.key *.crt > combined.crt
openssl pkcs12 -export -in combined.crt -inkey [key file] -out temp.p12
keytool -importkeystore -deststorepass [password] -destkeypass [password] -destkeystore store.jks -srckeystore temp.p12 -srcstoretype PKCS12 -srcstorepass [password]
system property for debugging SSL handshake in java
java -Djavax.net.debug=all  ...
making an attempt to setup an SSL connection
openssl s_client -connect [domain]:443
further trouble shooting
https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https