Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Generate an LDAP client certificate

Log in to subscribe to topics and get notified when content changes.

Generate an LDAP client certificate

Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore.

Before you begin

Role required: admin

About this task

See the OpenSSL documentation for more information about generating certificates. These steps assume you have access to OpenSSL.

Enter these commands in a command line interface.


  1. Generate a self-signed client certificate.
    For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt
  2. Convert both the certificate file and private key to PKCS#12 (a file with a .pfx or .p12 extension).
    For example, this command converts the client certificate and private key to a PKCS#12 certificate called test1-certificate.pfx.
    openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt
  3. Generate the Java Key Store and import the pkcs12 file into it.
    For example, this command imports the certificate to the test1.jks Java keystore.
    keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks
  4. Upload the certificate in the keystore file (test1.jks) to the instance.

What to do next

Upload a certificate to an instance