Java CA Gen

This is a small Java program using Bouncy Castle APIs to create a root CA private key and certificate, then use it to sign a server certificate that can then be used on an SSL server.
When developing microservices that need 1-way or 2-way SSL, the usual advice is to use self-signed SSL certificates. But this causes problems when clients try to connect. You are then left with the dirty job of subverting the client SSL socket layer's verification of the server certificate. Complexity aside, this can also lead to security holes when development-level trust somehow gets into deployed instances of the microservice. So here we generate actual certificates that are signed by a local CA.
Two files will be placed in the location from which the command was run: the root CA cert file and the root CA key file. Warning: the <>-key.pem file that is generated gives complete power to intercept secure requests from your machine. Do not share it.
The certificate will contain a list of DNS names and/or IP addresses from the command line flags. The key and certificate are placed in a new directory whose name is chosen as the first domain name from the certificate, or the first IP address if no domain names are present.
- Clone the repository
- On a command line, run:
    ./gradlew clean build
- The uberjar will get built under $PROJECT_HOME/build/libs
- Run the uberjar, passing the names for the server certificate:
    java -jar ca-gen.jar --domains localhost,mydomain.org