Key Info

Create a self-signed CA:

1. Using 'openssl' run the following command:
   openssl genrsa –out CA.key 2048
2. Next, the CA needs its own certificate:
   openssl req –new –x509 –days 3650 –key CA.key –out CA.crt

Create FLAREclient certificate and key pair:

1. First we need to create the private key:
   openssl genrsa -out FLAREclient.key 2048
2. Next we need to create a “Certificate Signing Request”:
   openssl req –new –key FLAREclient.key –out FLAREclient.csr
3. Now we need to sign the certificate:
   openssl x509 -req –days 3650 –CA CA.crt –CAkey CA.key –set_serial 01 –in FLAREclient.csr –out FLAREclient.crt

Convert the FLAREclient certificate and key pair into a Java KeyStore

1. First we need to convert the x509 cert and key to a pkcs12 file (make sure you put a password on the p12 file):
   openssl pkcs12 –export –in FLAREclient.crt –inkey FLAREclient.key –out FLAREclient.p12 –name client –CAfile CA.crt –caname rootCA

2. Finally convert the pkcs12 file to a Java KeyStore:
   keytool –importkeystore –deststorepass YourPassWd –destkeypass YourPassWd –destkeystore FLAREclient.jks –srckeystore FLAREclient.p12 –srcstoretype PKCS12 –srcstorepass YourPassWd –alias client

Now, you can use FLAREclient.jks as the publisher and subscriber KeyStore, as well as the TrustStore (assuming you add the FLAREgateway certificate as a trusted certificate).

To add the FLAREgateway certificate as a trusted certificate, use the following:

keytool –import –alias FLAREgateway –keystore FLAREclient.jks –file /path/to/FLAREgateway.crt

For more detailed instructions, please consult the FLAREclient Installation and Usage guide.