Generating Self-Signed RSA Keys Using OpenSSL

Use the PKCS12 Keystore file in the $ESP_HOME/adapters/esp_open/lib/security directory to generate self-signed RSA keys using OpenSSL.

Generate CA private key.

openssl genrsa -rand -des3 -out ca.key 512

Use that key to create the CA certificate.

openssl req -new -x509 -days 365 -key ca.key -out ca.pem -outform PEM

Export the CA certificate so it can be imported into clientTrustStore.
```
openssl x509 -in ca.pem -out caCert.pem -outform PEM -signkey ca.key
```

Generate the server private key.

openssl genrsa -rand -des3 -out server.key 512

Create a server certificate.

openssl req -new -days 365 -key server.key -out server.crs

Sign the server certificate with your CA certificate.

openssl ca -in server.crs -out signedServerCert.pem -keyfile ca.key -cert caCert.pem

Export the certificate to PKCS#12 format so it can be imported to Queue Manager store.

openssl pkcs12 -export -in signedServerCert.pem -out pkcs12KeyStore.p12 -inkey server.key -name adaptor

Parent topic: PasswordEncryptor

Created August 28, 2012. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com