Generate a self-signed certificate

(1) generate a certificate of 600 days validity of CN=dims

# ketytool -help# keytool -genkey -keyalg RSA -keysize 1024 -alias fookeystorealias -dname "CN=dims" -validity 600 -keypass password -keystore foo.p12 -storetype PKCS12 -storepass password

For example:
# keytool -genkey -keyalg RSA -keysize 1024 -alias "16c73ab6-b892-458f-abf5-2f875f74882e" -dname "CN=dims" -validity 600 -keypass security -keystore foo.p12 -storetype PKCS12 -storepass security


(2) print foo.p12 to PEM format

# openssl pkcs12 -help
# openssl pkcs12 -in foo.p12

(3) save PEM

# cat > foo.pem

copy and pasted output

-----BEGIN CERTIFICATE-----

…

-----END CERTIFICATE-----

from "openssl pkcs12 -in foo.p12" then save.

(4) print the pem to verify

# openssl x509 -in foo.pem -noout -text