openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
%JAVA_HOME%\bin\keytool -import -alias <my-node> -file <my-node>.cer -keystore <key-store> –storepass <password>
"%JAVA_HOME%\bin\keytool" -import -alias ... -file ....cer -keystore ...
"%JAVA_HOME%\bin\keytool" -import -alias ... -file ....crt -keystore ...
"%JAVA_HOME%\bin\keytool" -import -alias root-ca -file Root-CA.pem -keystore ....jks
%JAVA_HOME%\bin\keytool -genkey -alias <alias> -keyalg RSA -keypass changeit -storepass changeit -keystore my_keystore.jks
"%java_home%\bin\keytool.exe" -export -alias <alias> -storepass changeit -file my.cer -keystore my_keystore.jks
"%java_home%\bin\keytool.exe" -alias <my_alias> -storepass changeit -keystore my_keystore.jks –certreq –keyalg rsa –file my.csr
createCertificate.bat my
"%JAVA_HOME%\bin\keytool" -import -keystore my_keystore.jks -file Root-CA.pem -alias Root-CA
"%JAVA_HOME%\bin\keytool" -import -keystore my_keystore.jks -file my.crt -alias <my_alias>
cd %APACHE2_HOME%\bin
openssl x509 -req -in %CA_LOCATION%\%1.csr -CA %CA_LOCATION%\%CA%.pem -CAkey %CA_LOCATION%\%CA%.key -CAcreateserial -out %CA_LOCATION%\%1.cer -days 1024 -sha256
cd %CA_LOCATION%
REM Creates a key pair in a new .jks file and then signs and imports certificate.
REM The first argument is the base name for .jks file and certificate.
cls
echo === Generating a key and a keystore ===
"%JAVA_HOME%\bin\keytool" -keystore %1.jks -genkey -alias %1
pause
cls
echo === Generating a certificate request ===
"%JAVA_HOME%\bin\keytool" -keystore %1.jks -certreq -alias %1 -keyalg rsa -file %1.csr
pause
cls
echo === Signing the certificate request ===
call signCertificate.bat %1
pause
cls
echo === Import the CA certificate into the keystore ===
"%JAVA_HOME%\bin\keytool" -import -keystore %1.jks -file Innovation-CA.pem -alias InnovationCA
pause
cls
echo === Import the signed certificate into the keystore ===
"%JAVA_HOME%\bin\keytool" -import -keystore %1.jks -file %1.cer -alias %1
Trust store contains certificate chains which the JVM trusts:
javax.net.ssl.trustStore
-> Trust store locationjavax.net.ssl.trustStorePassword
-> Trust store password
Certificate store contains certificates to be presented during 2-way SSL handshake:
javax.net.ssl.keyStore
-> Key storejavax.net.ssl.keyStorePassword
-> Key store password