Note: [Mar 23, 2017] This website was migrated to a new platform recently. Some linked content may not be accessible until all the links are configured properly,

jkscertgen : Generate a full set of CA, service and client keys and certificates in Java keystores

Submitted by Kamal Wickramanayake on June 18, 2008 - 18:33

You are into Java security. You want to generate some X.509 certificates to test your application (or use in your production environment). Here's a simple X.509 certificate generator script that makes your life very simple. Download and execute, it will do all the following and you get the keys and signed certificates.

  1. Generate four jks keystores (CA, service, client1, client2) and possibly more
  2. Self sign CA certificate with proper certificate extensions
  3. CA certify service, client1, client2 certificates with proper certificate extensions (AKI, SKI)
  4. Add service certificate to client1, client2 keystores
  5. Optionally, add client1 and client2 certificates to service

Download the script: jkscertgen.zip

Download a sample collection of public/private keys and certificates: http://www.swview.org/blog/sample-x509-certificate-collection-publicprivate-keys-java

Execute like this:

  1. Create a new directory, copy the shell script to it
  2. Make sure the script is executable (one time)
    $ chmod +x jkscertgen.sh
  3. Run the script
    $ ./jkscertgen.sh

The script can help you learn the steps required to follow to do the above as well. You are free to modify or distribute this work. Look at the script itself for directions.