Generating an LDAP client certificate

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes

    Generate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore.

    Before you begin

    Role required: admin

    About this task

    See the OpenSSL documentation for more information about generating certificates. These steps assume you have access to OpenSSL.

    Enter these commands in a command line interface.

    Procedure

    1. Generate a self-signed client certificate.
      For example, this command creates a client certificate test1-cert.crt based on the test1-key.key private key.
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout test1-key.key -out test1-cert.crt
    2. Convert both the certificate file and private key to PKCS#12 (a file with a .pfx or .p12 extension).
      For example, this command converts the client certificate and private key to a PKCS#12 certificate called test1-certificate.pfx.
      openssl pkcs12 -export -out test1-certificate.pfx -inkey test1-key.key -in test1-cert.crt
    3. Generate the Java keystore and import the PKCS#12 file into it.
      For example, this command imports the certificate to the test1.jks Java keystore.
      keytool -importkeystore -srckeystore test1-certificate.pfx -srcstoretype PKCS12 -destkeystore test1.jks
    4. Upload the certificate in the keystore file (test1.jks) to the instance.
      Note:

      If you are uploading to an on-premise instance using a certificate with the .jks extension and you receive an error saying "No valid certificate found to process the application upload", use a certificate with the .pfx extension instead.
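
    Steps 1 to 3 run without prompts, followed by a check that the PKCS#12 bundle is sound before it is uploaded. This is an added example, not part of the original procedure. The function names, the subject string and the STORE_PASS environment variable are assumptions; the file names are the ones used in the steps above.

```shell
# Added example. Export STORE_PASS first: passwords are read from the
# environment (env:) so they do not appear in the process argument list.

# Steps 1-3 in <dir>. The body runs in a subshell, so umask and cd stay local.
make_ldap_client_keystore() (   # usage: make_ldap_client_keystore <dir> <subject>
  umask 077                     # key, .pfx and .jks are created owner-only
  cd "$1" || exit 1
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "$2" \
    -keyout test1-key.key -out test1-cert.crt 2>/dev/null || exit 1
  openssl pkcs12 -export -out test1-certificate.pfx \
    -inkey test1-key.key -in test1-cert.crt -passout env:STORE_PASS || exit 1
  # Step 3 needs a JDK; it is skipped when keytool is not installed.
  if command -v keytool >/dev/null 2>&1; then
    keytool -importkeystore -noprompt \
      -srckeystore test1-certificate.pfx -srcstoretype PKCS12 \
      -srcstorepass:env STORE_PASS \
      -destkeystore test1.jks -deststorepass:env STORE_PASS \
      >/dev/null 2>&1 || exit 1
  fi
)

# Exit status: 0 bundle is sound, 1 cannot be opened (wrong password or
# damaged file), 2 private key does not match the certificate,
# 3 certificate expires within <min_days>.
verify_pfx() (                  # usage: verify_pfx <pfx> <min_days>
  cert=$(openssl pkcs12 -in "$1" -passin env:STORE_PASS -nokeys -clcerts \
    2>/dev/null) || exit 1
  # The decrypted key is held in a shell variable only, never written to disk.
  key=$(openssl pkcs12 -in "$1" -passin env:STORE_PASS -nocerts -nodes \
    2>/dev/null) || exit 1
  cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) || exit 1
  key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null) || exit 1
  [ "$cert_pub" = "$key_pub" ] || exit 2
  printf '%s\n' "$cert" |
    openssl x509 -noout -checkend "$(($2 * 86400))" >/dev/null || exit 3
)
```

    For example, after exporting STORE_PASS, run make_ldap_client_keystore . "/CN=test1-ldap-client" and then verify_pfx test1-certificate.pfx 30 before step 4.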

    What to do next

    Uploading a certificate to an instance