Monday, 20 March 2017

Creating a self-signed certificate on Windows 7


Using the Internet Information Services(IIS)

By default, IIS 7.5 is not installed on Windows® 7 Professional, Enterprise, or Windows® 7 Ultimate. You can install IIS by clicking Windows Features in Advanced Options under Programs in Control Panel.

Installing IIS using UI

1. Click Start and then click Control Panel.
2. In Control Panel, click Programs and then click Turn Windows features on or off.
3. In the Windows Features dialog box, click Internet Information Services and then click OK.


Creating Self signed Certificate

4. Click Start, and in the Start Search box, type inetmgr and press ENTER.
5. Click the computer name (top of the tree on top-left).
6. Double click 'server certificates' from center pane.
7. Click on the option of 'create self-signed certificate' from the right pane.
8. Give some name for the certificate and click Ok.

Exporting the certificate to save locally

9. In the IIS console under Server Certificates, you would be able to see the certificate you created just now.
10. Double-click on the certificate that you created which will open up the certificate in separate window.
11. Go to the details tab and click Copy to File.. which will open a Certificate export Wizard in separate window.
12. Click Next.
13. Select "No,do not export the private key" and click Next again.
14. Select DER encoded binary x.509(.CER) and click Next.
15. Give the name(eg: LocalSSLCertificate) and path where you want to save this certificate locally and click Next.
16. Click Finish.
17. Repeat steps 9-16 with step 13 as Select "Yes, export the private key" and step 14 as Select Personal Information Exchange -PKCS #12(.pfx)
18. For exporting the the certificate as pfx, you will be prompted to enter and re-enter password. Remember the password which will be used later (eg:changeit)

Creating the keystore file

Very important do not miss this step --> Navigate to the bin folder of your respective JRE/JDK (i.e. C:\Program Files\Java\jdk1.6.0_37\bin for Windows 7).  Failure to follow this step will yield the following error: keytool' is not recognized as an internal or external command, operable program or batch file' when attempting to run the below command requiring the keytool.exe file to be present.

Next Go to Start->All Programs->Accessories
Right click on Command Prompt and select Run as administrator

Run the following commands.

keytool -import -keystore jboss.jks -file D:localSSLcertificate.cer
Enter keystore  password: changeit
Re-enter  new password: changeit
Trust this certificate? [no]:  y
Certificate was added to keystore

keytool -importkeystore -keystore jboss.jks -srckeystore D:localSSLcertificate.pfx -srcstoretype PKCS12
Enter destination keystore password: changeit
Enter source keystore password: changeit

You will need to put the jboss.jks file in a place where all your current and future JBoss 7 installations can use it, as follows:

  1. In your Projects directory, create the directory Jboss
  2. Create the directory certs in the jboss directory you created above
  3. copy the file jboss.jks  to the jboss/certs directory you created above.
Enjoy Reading.

No comments:

Post a Comment