To create the required files, you can use the following programs:

keytool

You can use keytool to create a TLS certificate or a Certificate Signing Request (CSR) as well as keystores and truststores in JKS format.

OpenSSL

You can use OpenSSL to create a TLS certificate or CSR as well as convert a keystore in JKS format to PEM format.

For more information about OpenSSL, see the documentation on the following website: https://www.openssl.org/docs/

The software available for download at the referenced links belongs to a third party or third parties, not Informatica. The download links are subject to the possibility of errors, omissions or change. Informatica assumes no responsibility for such links and/or such software, disclaims all warranties, either express or implied, including but not limited to, implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and disclaims all liability relating thereto.

For a higher level of security, send your CSR to a Certificate Authority (CA) to get signed certificates. If you use CA-signed certificates, you get a certificate chain with an ordered list of certificates that include the root certificate, one or more intermediate certificates, and the user certificate. Enter all certificates in the chain when you generate the PEM format.

For information about how to generate and configure custom keystore and truststore certificates, see the following KB article: Configure keystore and truststore for Cloud Data Integration for PowerCenter

You can use the TLS utility to validate your certificates. The utility verifies that the certificates are valid for communication between two hosts. For information about how to run the utility, see Validate the certificates with the TLS utility.