Creating self-signed certificates

A self-signed certificate is a certificate that is signed with its own private key. Self-signed certificates can be used to encrypt data just like the CA-signed certificates, but the users are shown a warning that says the certificate is not trusted by their computer or browser. Therefore, use self-signed certificates only if you do not need to prove your service identity to its users (e.g. non-production or non-public servers).

There are various tools available to generate self-signed certificates. Following section lists some of them:

• Create key store and trust store using Oracle keytool. For more information, see the following documentation:

  • Oracle documentation: Generating a key store and a trust store

  • Oracle documentation: Creating a key store in JKS format

  • Oracle JAVA Tutorial: Generating keys

• Create security certificates using the OpenSSL tool.

• Create security certificates using Mozilla NSS tool. For more information, see NSS Tools certutil.

Related topics