I'm looking for help, i.e. clear instructions (step-by-step), how to create all required certificates using openssl and mainly to create a valid self-signed Java keystore. Background: We are currently developing an application which will trade using Interactive Brokers (IB) Client Portal API, more info here: [login to view URL] Please note that there are other API, but we are currently only interested in the Client Portal API. For connectivity, IB requires us to use a Gateway which you can download from the URL above. All the instructions on starting the Gateway are available in the Getting Started page in the URL above. The Gateway uses Java keystore as the SSL certificate for browser secure connection, but the one that is provided in the ZIP file has expired, and according to the FAQs in the Getting Started page it is possible to replace it by creating a new self-signed keystore. I would need you to provide clear steps on how to create the keystore which is valid and accepted by the browser. Please note, that I have already tried the instructions suggested in FAQs, and it did not work.