
Generate an LDAP client certificate

Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore.

Before you begin

Role required: admin

About this task

See the OpenSSL documentation for more information about generating certificates.

These steps assume you have access to OpenSSL.

Enter these commands in a command line interface.


  1. Generate a self-signed client certificate.

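    For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key. The -nodes option writes the private key to test1-key.key unencrypted, so restrict access to that file.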

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt

  2. Combine the certificate file and private key into a PKCS#12 file (a file with a .pfx or .p12 extension).

    For example, this command converts the client certificate and private key to a PKCS#12 file called test1-certificate.pfx.

    openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt

  3. Generate the Java keystore and import the PKCS#12 file into it.

    For example, this command imports the PKCS#12 file into the test1.jks Java keystore.

    keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks

  4. Upload the certificate in the keystore file (test1.jks) to the instance.
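
Steps 1 to 3 as one non-interactive script, with a check after each step that the artifact still carries the same key pair as the certificate. This is an added example, not part of the original documentation; the subject CN, the KS_PASS variable and its default value, the script file name and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: steps 1-3 run non-interactively, each followed by a check.
# File names follow the page; the CN and KS_PASS default are constructed sample values.
: "${KS_PASS:=sample-Passw0rd}"; export KS_PASS   # read by openssl/keytool from the environment

make_cert() {   # step 1
  umask 077     # -nodes writes the key unencrypted: keep new files owner-only
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=test1-ldap-client" \
    -keyout test1-key.key -out test1-cert.crt 2>/dev/null
}
make_p12() {    # step 2
  openssl pkcs12 -export -out test1-certificate.pfx \
    -inkey test1-key.key -in test1-cert.crt -passout env:KS_PASS
}
make_jks() {    # step 3 (needs keytool from a JDK on PATH)
  rm -f test1.jks
  keytool -importkeystore -noprompt -srckeystore test1-certificate.pfx \
    -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
    -destkeystore test1.jks -deststorepass:env KS_PASS
}

# Public key (PEM) as seen in each artifact. Public keys are not secret.
pub_of_cert() { openssl x509 -in test1-cert.crt -noout -pubkey; }
pub_of_key()  { openssl pkey -in test1-key.key -pubout; }
pub_of_p12()  {
  openssl pkcs12 -in test1-certificate.pfx -passin env:KS_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null
}
# same_pub F G: succeeds only if both functions print the same non-empty key.
same_pub() { a=$($1) && b=$($2) && [ -n "$a" ] && [ "$a" = "$b" ]; }
jks_has_private_key() {
  keytool -list -keystore test1.jks -storepass:env KS_PASS | grep -q PrivateKeyEntry
}

# Hypothetical file name; usage: sh make-ldap-client-cert.sh run
if [ "${1:-}" = run ]; then
  make_cert && same_pub pub_of_cert pub_of_key &&
  make_p12 && same_pub pub_of_cert pub_of_p12 &&
  make_jks && jks_has_private_key && echo "test1.jks ready for upload"
fi
```

Set KS_PASS to your own value before running it. The passwords are passed through the environment rather than typed on the command line, so they do not appear in the process list.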
