Add a set of certificates for use in testing the server with SSL and StartTLS. The certificates are valid for 20 years, so we won't need to change them for a while. They are self-signed, but there are also trust stores available so that clients can trust them without needing to resort to blindly trusting all certificates. There is a client certificate that is adequate for use with SASL EXTERNAL. Both the client and server certificates are available in both JKS and PKCS#12 formats. The commands used to generate these certificates are as follows: $ /usr/java5/bin/keytool -genkey -alias server-cert -keyalg rsa -dname 'CN=OpenDS Test Certificate,O=OpenDS.org' -keystore server.keystore -storepass password -keypass password $ /usr/java5/bin/keytool -selfcert -alias server-cert -validity 7305 -keystore server.keystore -storepass password $ /usr/java5/bin/keytool -export -rfc -alias server-cert -file /tmp/server.cert -keystore server.keystore -storepass password $ /usr/java5/bin/keytool -import -alias server-cert -file /tmp/server.cert -keystore server.truststore -storepass password $ /usr/java5/bin/keytool -genkey -alias client-cert -keyalg rsa -dname 'CN=Test User,O=Test' -keystore client.keystore -storepass password -keypass password $ /usr/java5/bin/keytool -selfcert -alias client-cert -validity 7305 -keystore client.keystore -storepass password $ /usr/java5/bin/keytool -import -alias server-cert -file /tmp/server.cert -keystore client.truststore -storepass password $ /usr/java5/bin/keytool -export -rfc -alias client-cert -file /tmp/client.cert -keystore client.keystore -storepass password $ /usr/java5/bin/keytool -import -alias client-cert -file /tmp/client.cert -keystore server.truststore -storepass password $ /usr/java5/bin/keytool -import -alias client-cert -file /tmp/client.cert -keystore client.truststore -storepass password $ keytool -importkeystore -srckeystore server.keystore -destkeystore server-cert.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password -srcalias server-cert -destalias server-cert -srckeypass password -destkeypass password $ keytool -importkeystore -srckeystore client.keystore -destkeystore client-cert.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password -srcalias client-cert -destalias client-cert -srckeypass password -destkeypass password