User Tools

Site Tools

Generate a key pair and a self-signed SSL certificate using Keystore Explorer

Download and Open Keystore Explorer. (

click on create a new Keystore,

select JKS and click OK,

click on Tools→Generate key pair,

select RSA with key size 2048, then OK,

click Edit name,

fill in each field on the form with the relevant data. Common Name must be the name of the EASA Server. Click OK twice,

Enter tomcat as Key Pair Entry Alias. Click OK,

Enter 123123 as Key Pair Entry Password. Click OK,

Key Pair and Certificate will be created,

click File→Save,

enter 123123 as Password for Keystore file,

  • select a folder in which to save the Keystore file, we use New Folder
  • select filename easastore.jks and file type Keystore Files

right-click tomcat and select Export Certificate Chain

  • select
    • Entire Chain
    • PKCS #7
    • tick PEM
    • browse to an export folder, New Folder in our example,

  • navigate to the export folder.
  • double-click tomcat.p7b to open the keystore with Windows Certificates Manager

select our certificate, right-click on it, select All Tasks→Export

  • keep all defaults, except save File Name as tomcat.cer in the export folder, New Folder
  • click Finish

  • close Keystore Explorer and Windows Certificates Manager.
  • copy the file <EASAROOT>\jre\lib\security\cacerts to New Folder which has the newly created keystore and certificates.
  • open Keystore Explorer. Select File→Open, browse to cacerts
    • → the password is changeit

  • click on Tools→Import Trusted Certificate

  • select tomcat.cer and click Import

The certificate is 'self-signed' which does not involve a trusted third-party Certificate Authority so click OK to examine the certificate.

click OK to accept the certificate,

confirm Yes

set the Alias to tomcat and click OK twice,

save cacerts file and close Keystore Explorer