Thursday, May 31, 2012

Steps to Create Self Signed Certificate for use with C# Thrift Server and Java Thrift Client over SSL

The C# implementation of Thrift does not have built-in support for SSL as of version 0.8.0.27874. It doesn't seem like there is any interest from the community in integrating the two provided solutions, https://issues.apache.org/jira/browse/THRIFT-181 and https://issues.apache.org/jira/browse/THRIFT-66, either. The Java implementation does have support for SSL though.

Unfortunately, I have a need to provide a Thrift service over SSL using C#. I used the solution provided in issue 181.

This is the story of how I went about creating a self-signed certificate for the server and client side.

This is what I have on my computer
1. .Net 4.0
2. Java SDK

Create the self signed certificate on Windows
(I am using Windows 7)

1. Open IIS Manager
2. Click on your computer name on the left pane. It should look something like this.
3. Double click on Server Certificates
4. Right click and select Create Self-Signed Certificate
5. Enter "Thrift Self Signed Certificate Demo" or whatever name you want to give your certificate.
6. Export the certificate by right-clicking it and selecting Export.
7. Fill in the file name for the certificate and the password. You should see a pfx file created in your chosen directory. For this demo, my exported certificate file name is ThriftSelfSignedCertificateDemo.pfx. Now we have a self-signed certificate.

Convert the Certificate to JKS store type

1. For the next couple of steps you will need a copy of OpenSSL. If you don't have it, you can download it from http://slproweb.com/products/Win32OpenSSL.html. I downloaded "Win64 OpenSSL v1.0.1c Light" and "Visual C++ 2008 Redistributables (x64)".
2. Open up a command prompt
3. Type in
openssl.exe pkcs12 -in ThriftSelfSignedCertificateDemo.pfx -out ThriftSelfSignedCertificateDemo.pem

4. Enter the password you provided during the certificate export process.
5. Enter a new password for the PEM file.
6. Next type in
openssl.exe pkcs12 -export -in ThriftSelfSignedCertificateDemo.pem -out ThriftSelfSignedCertificateDemo.p12 -name "ThriftSelfSignedCertificateDemo"
7. Enter the password you provided during the PEM export process.
8. Enter a new password for the p12 file.
9. Finally, we are ready to create the jks file. Type in
keytool -importkeystore -srckeystore ThriftSelfSignedCertificateDemo.p12 -destkeystore ThriftSelfSignedCertificateDemo.jks -srcstoretype pkcs12 -deststoretype JKS
10. Enter a password for the new JKS keystore.
11. Enter the password you provided when creating the p12 file.

Now you have all the necessary certificates for the Java Thrift client and the C# Thrift server to communicate over SSL.

ThriftSelfSignedCertificateDemo.jks is for the Java client.
ThriftSelfSignedCertificateDemo.pfx is for the C# server.
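
A check for the converted files, added here as an example and not part of the original post: this Java program loads the .pfx and .jks named above, prints each entry's SHA-256 certificate fingerprint and whether it carries a private key (the conversion as written copies the key from the PFX into the JKS), and reports whether both stores hold the same certificate. The class name CompareKeystores is an assumption; only JDK classes are used.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

// Added example (not from the original post). File names are the ones used
// in the steps above; passwords are read from the console, not from argv.
public class CompareKeystores {

    // Maps SHA-256 certificate fingerprint -> "alias (entry kind)".
    static Map<String, String> fingerprints(String path, String type, char[] pw)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        Map<String, String> out = new TreeMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) continue; // entry without a certificate
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02X", b));
            String kind = ks.isKeyEntry(alias) ? "private key + certificate" : "certificate only";
            out.put(hex.toString(), alias + " (" + kind + ")");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            System.err.println("Run this from an interactive command prompt.");
            System.exit(2);
        }
        String base = "ThriftSelfSignedCertificateDemo";
        Map<String, String> pfx = fingerprints(base + ".pfx", "PKCS12",
                console.readPassword("PFX password: "));
        Map<String, String> jks = fingerprints(base + ".jks", "JKS",
                console.readPassword("JKS password: "));
        pfx.forEach((fp, entry) -> System.out.println("PFX " + fp + " " + entry));
        jks.forEach((fp, entry) -> System.out.println("JKS " + fp + " " + entry));
        boolean same = !pfx.isEmpty() && pfx.keySet().equals(jks.keySet());
        System.out.println(same ? "MATCH" : "MISMATCH");
        System.exit(same ? 0 : 1);
    }
}
```

Compile with javac CompareKeystores.java and run java CompareKeystores from the directory that holds both files. A JKS line reading "private key + certificate" means the file handed to the Java client also contains the server's private key.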