Generate a key pair for the server/service.
| Code Block |
|---|
$ keytool -genkey -alias server -keyalg RSA -keystore ./Server.jks -storetype PKCS12 |
alias = name of the keystore alias, for example, server keystore = name of the keystore, for example, server.jk
When prompted for first and last name the hostname where the certificate is valid should be entered other , e.g. localhost. Other values can be anything, for example localhost.
Generate a Certificate Signing Request (CSR) so that we can get server's certificate get signed by a CA.
| Code Block |
|---|
$ keytool -certreq -alias server -keystore Server.jks -file Server.csr |
Get the certificate signed by our the CA, Test CA in these example. See this page on how to set up a CA.
| Code Block |
|---|
$ openssl x509 -CA caroot.cer -CAkey cakey.pem -CAserial serial.txt -req -in Server.csr -out Server.cer -days 365 |
CA, CAkey and CAserial are files generated when setting up the CA.
Import the Test CA's root self signed certificate in server key store as a trusted certificate.
| Code Block |
|---|
$ keytool -import -alias TestCA -file caroot.cer -keystore Server.jks |
...