Software AG Products 10.7 | Configuring API Gateway | Securing API Gateway and its Components | How do I Secure API Data Store Communication using HTTPS? | Creating a Custom Keystore with Self-Signed Certificates
 
Creating a Custom Keystore with Self-Signed Certificates
You have to perform this procedure if your organization does not have policies and procedures in place regarding the generation and use of digital certificates and certificate chains, including the use of certificates signed by a CA but want to generate a self-signed certificate and import them into the keystore and truststore.
1. Create a new keystore with a self-signed certificate.
a. Run the following command, and provide the keystore password (for example, manage) and the other required details to generate a new key and store it in the specified keystore https_keystore.jks.
keytool -genkey -v -keystore https_keystore.jks
-alias HTTPS_KEYSTORE -keyalg RSA -keysize 2048 -validity 10000
Example:
b. Run the following command and provide the keystore password (for example, manage) to export the certificate from the keystore https_keystore, and place it in a specified location.
keytool -exportcert -v -alias HTTPS_KEYSTORE -file
Installation_Dir\common\conf\https_gateway.cer -keystore
Installation_Dir\common\conf\https_keystore.jks
Example:
The certificate https_gateway.cer is exported from the keystore https_keystore and placed in the location Installation_Dir\common\conf\.
2. Create a truststore and import the generated certificate.
a. Run the following command to create a truststore file and import the generated certificate into the truststore file.
keytool -importcert -alias HTTPS_TRUSTSTORE -file
Installation_Dir\common\conf\https_gateway.cer -keystore
Installation_Dir\common\conf\https_truststore.jks
Example:
A truststore file https_truststore.jks is created with the imported certificate.
You can now view the keystore and truststore files created and located at Installation_Dir\common\conf\.