Creating Certs
Before following these steps, ensure that your OpenSSL version is up to date and that you are NOT using LibreSSL, so that you generate v3 certificates.
Follow these steps to do so:
- Update homebrew/install OpenSSL using these commands
brew update
brew install openssl
brew link --force openssl
- Modify $PATH variable in ~/.zshrc
If .zshrc does not exist use this to create it:
touch ~/.zshrc
Then put this line in the file to set the proper OpenSSL path using a command line text editor of choice:
export PATH="/usr/local/opt/{MOST_RECENT_OPENSSL_VERSION_FOLDER}/bin:$PATH"
- Check that it worked using this command:
openssl version
If this worked, follow the commands below to create the certificates:
1. Create private key
openssl genrsa -out MyPrivateKey.key 4096
2. From private key, self-sign cert (answer all questions with values appropriate for the client machine)
openssl req -key MyPrivateKey.key -new -x509 -days 3650 -out Connector.cer
3. Create PFX file from self-signed cert
openssl pkcs12 -export -in Connector.cer -inkey MyPrivateKey.key -out MyPFXFile.pfx
Download Portecle for a GUI for steps 4, 5, 6.
4. Create keystore with the PFX file imported and the broker's certificate (or the certificate of the service you are calling).
5. Create truststore with the broker's certificate (or the certificate of the service you are calling).
6. Update the keystore / truststore of the service you are calling with the certificate you just created.
It is important to ensure that the private key is secured and never leaves the server it was created on.
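The points this page calls out (real OpenSSL rather than LibreSSL, a v3 certificate, a certificate that belongs to the private key, and a key file that is not readable by other users) can be checked with a few shell functions. This is an added example, not part of the original page: the function names are hypothetical helpers, and the default file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example: sanity checks for the key and certificate created above.
# MyPrivateKey.key and Connector.cer are the page's file names; the function
# names are hypothetical. Usage after sourcing: check_certs [keyfile] [certfile]

# Succeeds only if the version banner comes from OpenSSL, not LibreSSL.
# The banner is passed in as an argument (normally "$(openssl version)").
is_real_openssl() {
    case "$1" in
        OpenSSL\ *) return 0 ;;
        *)          return 1 ;;
    esac
}

# Prints the X.509 version number of a certificate (3 for a v3 certificate).
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeeds if the certificate carries the public key of the given private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds if the key file grants no access to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs every check and reports each failure; returns non-zero if any failed.
check_certs() {
    key=${1:-MyPrivateKey.key} cert=${2:-Connector.cer} rc=0
    is_real_openssl "$(openssl version)" || { echo "not OpenSSL: $(openssl version)"; rc=1; }
    [ "$(cert_version "$cert")" = 3 ] || { echo "$cert is not an X.509 v3 certificate"; rc=1; }
    key_matches_cert "$key" "$cert" || { echo "$cert does not match $key"; rc=1; }
    key_is_private "$key" || { echo "$key is accessible to group/others; chmod 600 it"; rc=1; }
    return $rc
}
```
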
https://www.sslshopper.com/article-most-common-openssl-commands.html covers the steps for creating a key, a CSR, a cert, converting to PFX, etc.
Or just run this command:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html