Generate an LDAP client certificate Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore. Before you beginRole required: admin About this task See the OpenSSL documentation for more information about generating certificates. These steps assume you have access to OpenSSL. Enter these commands in a command line interface. Procedure Generate a self-signed client certificate. For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt Convert both the certificate file and private key to PKCS#12 (a file with a .pfx or .p12 extension). For example, this command converts the client certificate and private key to a PKCS#12 certificate called test1-certificate.pfx. openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt Generate the Java Key Store and import the pkcs12 file into it. For example, this command imports the certificate to the test1.jks Java keystore. keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks Upload the certificate in the keystore file (test1.jks) to the instance. What to do nextUpload a certificate to an instance Related TasksGenerate a server certificateUpload a certificate to an instanceUpload a trusted server certificate
Generate an LDAP client certificate Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore. Before you beginRole required: admin About this task See the OpenSSL documentation for more information about generating certificates. These steps assume you have access to OpenSSL. Enter these commands in a command line interface. Procedure Generate a self-signed client certificate. For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt Convert both the certificate file and private key to PKCS#12 (a file with a .pfx or .p12 extension). For example, this command converts the client certificate and private key to a PKCS#12 certificate called test1-certificate.pfx. openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt Generate the Java Key Store and import the pkcs12 file into it. For example, this command imports the certificate to the test1.jks Java keystore. keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks Upload the certificate in the keystore file (test1.jks) to the instance. What to do nextUpload a certificate to an instance Related TasksGenerate a server certificateUpload a certificate to an instanceUpload a trusted server certificate
