vROCertTool - Package Singing Certificate generation

vROCertTool_package_signing_cert_generation.md

Package Signing Certificate Generation

Package signing certificate keystores can be created using the keytool command provided by the JDK.

To Create a self signed certificate for package signing that is good for 10 years:

keytool -genkeypair \
-alias _dunesrsa_alias_ \
-keyalg RSA \
-keysize 2048 \
-sigalg SHA512withRSA \
-storetype JCEKS \
-keystore package-signing-cert.jks \
-storepass password \
-dname "CN=Pkg Sign Team,OU=Org,O=Company,C=Country" \
-ext eku=sa \
-ext ku:c=dig,keyEncipherment \
-validity 3650

Make the certificate unique by updating the distinquished name (-dname), keystore password (-storepass)