Generate an LDAP client certificate

Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore.

Before you begin

Role required: admin

About this task

See the OpenSSL documentation for more information about generating certificates.

These steps assume you have access to OpenSSL.

Enter these commands in a command line interface.


  1. Generate a self-signed client certificate.
    For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt
  2. Convert both the certificate file and private key to PKCS#12 (a file with a .pfx or .p12 extension).
    For example, this command converts the client certificate and private key to a PKCS#12 certificate called test1-certificate.pfx.
    openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt
  3. Generate the Java keystore and import the PKCS#12 file into it.
    For example, this command imports the certificate to the test1.jks Java keystore.
    keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks
  4. Upload the certificate in the keystore file (test1.jks) to the instance.
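
The following script is an added example, not part of the original procedure: it checks that the private key, the certificate and the PKCS#12 file from steps 1 and 2 belong together before the keystore is built and uploaded. The function name check_client_cert, the environment variable PFX_PASS holding the PKCS#12 password, and the 30-day expiry threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the files from steps 1 and 2 before importing them.
# Assumption: the PKCS#12 password is in the environment variable PFX_PASS
# (a name chosen for this example), so it never appears in the process list.

# Usage: check_client_cert KEY CERT PFX
# Returns 0 only if every check passes.
check_client_cert() {
    key=$1 cert=$2 pfx=$3

    # -nodes in step 1 leaves the key unencrypted: allow no group/other access.
    [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is missing or accessible to group/other" >&2; return 1; }

    # The certificate must still be valid 30 days from now (example threshold).
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $cert is unreadable or expires within 30 days" >&2; return 1; }

    # Extract the public key from each artifact as PEM text.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    pfx_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null)

    # The private key and the certificate must belong to the same key pair.
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] ||
        { echo "FAIL: $key does not match $cert" >&2; return 1; }

    # The PKCS#12 bundle must carry that same certificate.
    [ "$cert_pub" = "$pfx_pub" ] ||
        { echo "FAIL: $pfx does not contain $cert" >&2; return 1; }

    echo "OK: key, certificate and PKCS#12 bundle are consistent"
}
```

After exporting PFX_PASS, call `check_client_cert test1-key.key test1-cert.crt test1-certificate.pfx`. The same variable can be given to step 2 with `-passout env:PFX_PASS` so the export does not prompt.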