In this example, we create an HTTPS server daemon that waits for a client browser connection and returns "Hello, World!". The browser connects to this daemon via https://localhost:8080.

We first create a machine certificate. The name must match the machine name of the computer where the daemon runs; in this case, localhost. In addition, we cannot use the same .keystore we have used in the past. We must create a separate keystore just for the machine certificate. In this case, it has the name sslKeyStore.

D:\IBM>keytool -genkey -v -keyalg RSA -alias MachineCert 
  -keystore sslKeyStore
Enter keystore password:  password
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Security
What is the name of your organization?
  [Unknown]:  Company, Inc.
What is the name of your City or Locality?
  [Unknown]:  Machine Cert City
What is the name of your State or Province?
  [Unknown]:  MN
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=Security, O="Company, Inc.", L=Machine Cert City, 
ST=MN, C=US correct?
  [no]:  y

Generating 1,024 bit RSA key pair and self-signed certificate (MD5WithRSA)
   for: CN=localhost, OU=Security, O="Company, Inc.", L=Machine Cert City,
ST=MN, C=US
Enter key password for <MachineCert>
        (RETURN if same as keystore password):
[Saving sslKeyStore]

Then, we start the server daemon process specifying the special keystore and its password:

D:\IBM>java -Djavax.net.ssl.keyStore=sslKeyStore
 -Djavax.net.ssl.keyStorePassword=password HTTPSServerExample

After waiting a few seconds, fire up a browser and point it to https://localhost:8080 and you should be prompted on whether or not to trust the certificate. Selecting "yes" should display "Hello World!", and clicking on the lock in Internet Explorer will give the certificate details.