Generating a Self-Signed Certificate with "keytool"
This section provides a tutorial example on how to generate a self-signed certificate using the 'keytoo' command from JDK (Java Development Kit).
In order to learn how to use X.509 certificate tokens, we need to create a certificate first.
The easiest way is to create a self-signed certificate using the "keytool" command provided in JDK (Java Development Kit).
Run the following command in a command window, assuming JDK is installed:
C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -genkeypair
-keystore MyKeyStore.jks -alias MyCertificate
Enter keystore password: MyKeyStore
Re-enter new password: MyKeyStore
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Herong, OU=MyUnit, O=MyOrg, L=MyCity, ST=MyState, C=UN correct?
Enter key password for <MyCertificate>
(RETURN if same as keystore password): MyCertificate
Re-enter new password: MyCertificate
The above command did the following:
- A private-public key pair was generated using the default algorithm, DSA (Digital Signature Algorithm).
- A self-signed certificate was created binding the public key to the owner "Herong".
- Both the key pair and the certificate were saved as a key store entry called "MyCertificate".
This key store entry is protected by password: "MyCertificate".
- The "MyCertificate" entry was save in a new JKS (Java KeyStore) file called "MyKeyStore.jks".
This JKS file is protected by password: "MyKeyStore".
Run the following command to check the JKS file and its key store entries:
C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -list
-keystore MyKeyStore.jks -storepass MyKeyStore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mycertificate, Mar 1, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1):
The output confirms that the JKS file has a key store entry called "mycertificate".
Last update: 2014.
Table of Contents
About This Book
Introduction to Web Service
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Structure
SOAP Message Transmission and Processing
SOAP Data Model
SOAP RPC Presentation
SOAP Properties Model
SOAP Message Exchange Patterns
SOAP HTTP Binding
SOAP Perl Implementations
SOAP PHP Implementations
SOAP Java Implementations
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
WS-Security - SOAP Message Security Extension
►WS-Security X.509 Certificate Token
What Is WS-Security X.509 Certificate Token Profile?
What Is XML Signature Syntax and Processing?
►Generating a Self-Signed Certificate with "keytool"
SoapUI Configuration for Messaging Signing
Generating Digital Signature with SoapUI
Validating ds:Signature with X.509 Certificate
Digital Signature Options Supported in SoapUI
What Is XML Encryption Syntax and Processing?
SoapUI Configuration for Messaging Encryption
"not an RSA key" - Encryption Failed in SoapUI
Encryption using RSA Public Key with SoapUI
2-Step Message Encryption - Symmetric and RSA
Decrypting Encrypted SOAP Message
Message Encryption Options Supported in SoapUI
Web Services and SOAP Terminology
PDF Printing Version