# Generate Keystore ### Generate Keystores To generate a keystore for our API's and web manager, which is used to enable HTTPS, you can use the following command: ```shell keytool -genkeypair -alias -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=" -keypass -keystore ./cert/.p12 -storetype PKCS12 -storepass ``` This command generates a keystore with the following properties: * \: The alias for the service (e.g. device-api) * \: The domain name for the service (e.g. deviceapi) * \: The password for the keystore and private key * ./cert/\.p12: The file path and name for the generated keystore ### Export the public certificate Once you have generated a keystore, you can export the public certificate using the following command: ```shell keytool -export -alias -keystore ./cert/.p12 -storepass -file ./cert/.cer -rfc ``` This command exports the public certificate with the following properties: * \: The alias for the service (e.g. device-api) * \: The keystore file containing the private key and certificate (e.g. ./cert/deviceapi.p12) * \: The password for the keystore * \: The domain name for the exported certificate file (e.g. deviceapi.cer) * ./cert/\.cer: The file path and name for the exported public certificate The exported public certificate is then used on devices to establish a secure connection to our API. Specifically, the certificate is installed on devices to enable them to trust our API's SSL/TLS connection, allowing for encrypted communication between the device and our API. Note: Make sure to update your hosts file with an entry for the domain name (e.g. 127.0.0.1 deviceapi) to enable local development. 1. Open `hosts` file: * On Unix-like systems (Linux, macOS), this directory is typically `/etc/hosts`. * On Windows, this directory is typically `%SystemRoot%\System32\drivers\etc\hosts`. 2. Add the following lines to the `hosts` file: ```text 127.0.0.1 deviceapi # Hlæja Device API ```