How to generate a keystore, generate a CSR and import a certificate using keytool
# Note: run the commands below on the server that hosts the application or website.
# Create a keystore containing a PrivateKeyEntry.
# Replace <keystore.jks> with a keystore name (e.g., opencalenderkeystore.jks) and <alias> with an alias for your key (e.g., opencalender.com).
keytool -genkeypair -keystore <keystore.jks> -alias <alias> -keyalg RSA -validity 365 -keysize 2048
# First and last name: I recommend using the domain name (opencalender.com)
# OU: IT, Software Dev or Deployment
# Check the PrivateKeyEntry and its alias
keytool -list -v -keystore <keystore.jks>
# Create a CSR (Certificate Signing Request)
keytool -certreq -alias <alias> -keystore <keystore.jks> -file <filename.csr>
# Export the CSR
# Here is an example using SCP, run on your local machine (Windows/macOS/Linux).
# It copies the CSR from the server into the current directory.
scp root@ipaddress:/<csr directory>/<filename.csr> .
# Then upload the CSR to your SSL provider
# Import the certificate
# Note: the alias must be the same as the key alias provided above.
# This ensures the certificate is imported against the right key.
keytool -import -alias <alias> -keystore <keystore.jks> -file <certificate.crt>
# Note: this error will probably be raised:
# keytool error: java.lang.Exception: Failed to establish chain from reply
# If the CA (Certificate Authority) provided a ca_bundle.crt file,
# append it to the end of the certificate.crt file
cat ca_bundle.crt >> certificate.crt
# Then import the certificate again
keytool -import -alias <alias> -keystore <keystore.jks> -file <certificate.crt>
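
The `cat ca_bundle.crt >> certificate.crt` step above edits certificate.crt in place, so repeating it appends the bundle twice, and a certificate file without a final newline ends up with two PEM markers glued onto one line. The following added example (not part of the original gist; `chain.crt` and the function names are hypothetical) builds the chain into a separate file instead.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. chain.crt and the function
# names are hypothetical; certificate.crt and ca_bundle.crt are the gist's files.

# Print only the PEM certificate blocks of file $1: CRLF line endings are
# stripped and text outside the BEGIN/END markers is dropped. awk also
# terminates a final line that has no newline, so blocks never run together.
pem_blocks() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside { print }
        /^-----END CERTIFICATE-----$/ { inside = 0 }'
}

# Print the number of certificates in file $1.
count_certs() {
    pem_blocks "$1" | awk '/^-----BEGIN CERTIFICATE-----$/ { n++ } END { print n + 0 }'
}

# build_chain LEAF BUNDLE OUT: write the server certificate followed by the CA
# bundle to OUT. The inputs are left untouched, so running it twice cannot
# append the bundle a second time the way `cat ... >>` would.
build_chain() {
    leaf=$1 bundle=$2 out=$3
    if [ "$(count_certs "$leaf")" -ne 1 ]; then
        echo "expected exactly one certificate in $leaf (bundle already appended?)" >&2
        return 1
    fi
    if [ "$(count_certs "$bundle")" -lt 1 ]; then
        echo "no CA certificate found in $bundle" >&2
        return 1
    fi
    { pem_blocks "$leaf"; pem_blocks "$bundle"; } > "$out"
}

# Usage:
#   build_chain certificate.crt ca_bundle.crt chain.crt
#   keytool -import -alias <alias> -keystore <keystore.jks> -file chain.crt
```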