Daniel When not delving into obscure PDF or Java bugs, Daniel is exploring the new features in JavaFX.

How to create your own test certificates and keys for signing PDF files

1 min read

From a practical point of view you need one of two sort of files in order to sign something.  Either a keystore file or a pfx file. A keystore file is basically a file representing a associated array.  The keystore needs an equivalent of a username and password so you can open it.  Each element of the map points to a list of certificates (a certificate chain).  The keys for the elements are called aliases and are represented by a string and they also have a password as well.

A Keystore file can be created fairly easily with the keytool software that comes with a Java installation. Open up whatever Java folder you have (I’m using Windows, so its in Program Files/Java) and look in either a JRE or JDK folder and you should find a keytool.exe.  To generate a keystore open a console window and type in something like:

keytool -genkey -alias myAlias -keyalg RSA -keystore \path\keystoreName

This generates a keystore called keystoreName using myAlias to identify it and encrypt it with RSA.  You’ll then get a bunch of questions to fill in starting with the password for the keystore as a whole. The last thing it asks for is a password for the entry with the certificate chain, the mapping also has the same alias as the alias specified to identify the keystore as a whole, just to keep you on your toes!

You can also generate a certificate if you feel that way inclined:

keytool -export -alias myAlias -file \path\somecert.cer -keystore \path\keystoreName

It will then ask for the keystore password and create a certificate called somecert.cer.  If you like you can double click on the certificate in Windows and it will ask to install it to your trusted certificates.

If you have a finite life span you may want to generate a .pfx file instead. In Windows open a console window, cd to somewhere sensible and type:

cipher /r:whateveryoulike.

Enter a password and you have a certificate (whateveryoulike.cert) and a .pfx file (whateveryoulike.pfx).  Ta-da!



Our software libraries allow you to

Convert PDF to HTML in Java
Convert PDF Forms to HTML5 in Java
Convert PDF Documents to an image in Java
Work with PDF Documents in Java
Read and Write AVIF, HEIC, WEBP and other image formats
Daniel When not delving into obscure PDF or Java bugs, Daniel is exploring the new features in JavaFX.

2 Replies to “How to create your own test certificates and keys…”

  1. Hi Daniel,

    Could you please share some knowledge about signature in pdf via some posts ? I am a developer current get struggling to sign a pdf by the way it supports. I suppose that I have a digital Id stored in a device like a smart card, what I got from the card is a signature and a certificate (the card has a program in it to sign a message using private-key stored inside it). how do I put in into the pdf ?

    Regards,
    Thuan.

Comments are closed.