Upload your certificate using the certificate parameter in the setWebhook method. The certificate supplied should be PEM encoded (ASCII BASE64), the pem file should only contain the public key (including BEGIN and END portions). When converting from a bundle format, please split the file to only include the public key.
Windows binaries for Openssl are available online
openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
YOURPUBLIC.pem has to be used as input for setting the self-signed webhook.
You can inspect the generated certificate with:
openssl x509 -text -noout -in YOURPUBLIC.pem
Converting from a previously generated DER:
openssl x509 -inform der -in YOURDER.der -out YOURPEM.pem
Converting from a previously generated PKCS12:
openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem
More information: https://www.openssl.org/
Generate self-signed JKS:
keytool -genkey -keyalg RSA -alias YOURDOMAIN.EXAMPLE -keystore YOURJKS.jks -storepass YOURPASSWORD -validity 360 -keysize 2048
Converting JKS to pkcs12 (intermediate step for conversion to PEM):
keytool -importkeystore -srckeystore YOURJKS.jks -destkeystore YOURPKCS.p12 -srcstoretype jks -deststoretype pkcs12
Convert PKCS12 to PEM (requires openssl):
openssl pkcs12 -in YOURPKCS.p12 -out YOURPEM.pem
More information: https://docs.oracle.com
Creating a self-signed certificate using Windows native utilities is also possible, although OpenSSL binaries for Windows are available online.
On the commandline:
certreq -new TEMPLATE.txt RequestFileOut
TEMPLATE.txt example file:
[NewRequest]
; At least one value must be set in this section
Subject = "CN=DOMAIN.EXAMPLE"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
;MachineKeySet = true
RequestType = Cert
UseExistingKeySet=false ;generates a new private key (for export)
Exportable = true ;makes the private key exportable with the PFX
A self-signed certificate will be generated and installed, to view the certificate:
certutil -store -user my
To export in DER format (intermediate step for conversion to PEM)
certutil -user -store -split my SERIALNUMBER YOURDER.crt
Converting to PEM (used for setting the webhook)
certutil -encode YOURDER.crt YOURPEM.cer
To delete a certificate from your store:
certutil -delstore -user my SERIALNUMBER
(from view)
To export in PFX(PKCS12) format
certutil -exportpfx -user YOURDOMAIN.EXAMPLE YOURPKCS.pfx NoChain
More information: https://technet.microsoft.com
Converting YOURPKCS.pfx to PEM including the private key is best done with OpenSSL:
openssl pkcs12 -in YOURPKCS.pfx -out YOURPEM.cer
Remember that only the public key is needed as input for the self-signed webhook certificate parameter. certmgr.msc can also be used as a GUI to export the public part of self-signed certificates to PEM.