# 1. Generate JKS files

In this case I use self-signed certificates, these certificates are valid for a laboratory environment.

## 1.1. Generate Store JKS a. Generate a key ```shell sudo openssl genrsa -aes256 -out soffid.pam.store.key ``` b. Generate the .pem file ```shell sudo openssl req -x509 -days 1000 -new -key soffid.pam.store.key -out soffid.pam.store.pem ``` **![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXclP1wJhrul8m4pFbErUkPsL1r2DHgUCsG9VI4rDg9zMCyrBgGITjdfH7XwMMygKAdE7GoztA-iz92CGWc0i6oATHzMDP1jPVUWLbnH4nIxWX2igVWHRMemfn1qKQUMfTs2WgmH?key=km_Egy8YZNeeBn_W6_4lj8LY)**

To bear in mind the CN (Common Name) when creating the certificate

c. Generate the .pfx file ``` sudo openssl pkcs12 -export -in soffid.pam.store.pem -inkey soffid.pam.store.key -out soffid.pam.store.pfx ``` d. Generate the .jks file ``` sudo keytool -v -importkeystore -srckeystore soffid.pam.store.pfx -srcstoretype PKCS12 \ -destkeystore soffid.pam.store.jks \ -deststoretype JKS \ -destkeypass 123456 -srcstorepass 123456 -deststorepass 123456 ``` ## 1.2. Generate Launcher JKS a. Generate a key ``` sudo openssl genrsa -aes256 -out soffid.pam.launcher.key ``` b. Generate the .pem file ``` sudo openssl req -x509 -days 1000 -new -key soffid.pam.launcher.key -out soffid.pam.launcher.pem ``` **![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXeFvIvzroHSqzmWYnKq1GPYPVVO2AL4B2THgIz4SI3nBbVnBSZE8Dm68P_pu4rheW-9gjuXrKKlPdi78KOgXL6tAGyapj3fD0kgYesza_rI4nmlu5mX41pRpz1TUBy8agcg3_Qp?key=km_Egy8YZNeeBn_W6_4lj8LY)**

To bear in mind the CN (Common Name) when creating the certificate

c. Generate the .pfx file ``` sudo openssl pkcs12 -export -in soffid.pam.launcher.pem -inkey soffid.pam.launcher.key -out soffid.pam.launcher.pfx ``` d. Generate the .jks file ``` sudo keytool -v -importkeystore -srckeystore soffid.pam.launcher.pfx -srcstoretype PKCS12 \ -destkeystore soffid.pam.launcher.jks \ -deststoretype JKS \ -destkeypass 123456 -srcstorepass 123456 -deststorepass 123456 ```