@rsrini7
Forked from Yuri-M-Dias/ssl-generation.sh
Created January 28, 2017 08:55
Generating full SSL for Tomcat/Jetty using Java Keytool.
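#!/bin/bash
# Generates a self-signed SSL certificate, Java-ready, with the hardcoded IPs and name.
# Change the variable values to suit your needs; you can do JAVA_HOME=$JAVA_HOME too.
JAVA_HOME=/usr/lib/jvm/java-8-oracle
CERT_NAME="yurimdias"
# "changeit" is the default cacerts password. Passing it with -storepass/-keypass
# exposes it in the process list, so use a real secret outside local testing.
STOREPASS="changeit"
# JVM-wide trust store: a certificate imported here is trusted by every
# application that runs on this JDK.
KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts"
CERTIFICATE_PATH="./${CERT_NAME}"
STORE_NAME="${CERTIFICATE_PATH}-store.jks"
CERT_PATH="${CERTIFICATE_PATH}-cert.crt"

echo "Generating certificate for: ${CERT_NAME}..."
echo "Making sure that there's not another certificate with the same name..."
# Fails harmlessly on the first run, when the alias does not exist yet.
sudo keytool \
    -delete -v \
    -alias "$CERT_NAME" \
    -keystore "$KEYSTORE" \
    -storepass "$STOREPASS" \
    -noprompt
# -f: the files from a previous run are root-owned (created through sudo) and may
# not exist at all; options go before the file name.
rm -fv -- "$STORE_NAME"
rm -fv -- "$CERT_PATH"

echo 'Generating keystore and key-pair'
# The SAN lists only the IP 127.0.0.1; clients that ignore the CN will not match
# the name "localhost" unless dns:localhost is added to -ext san.
sudo keytool \
    -genkey \
    -alias "$CERT_NAME" \
    -keyalg RSA \
    -keystore "$STORE_NAME" \
    -dname "CN=localhost, OU=localhost, O=localhost, L=localhost, ST=localhost, C=BR" \
    -storepass "$STOREPASS" \
    -keypass "$STOREPASS" \
    -ext san=ip:127.0.0.1 \
    -validity 3650 \
    -noprompt

echo 'Exporting keystore to certificate'
# Exports the public certificate only; the private key stays in the keystore.
sudo keytool \
    -exportcert \
    -alias "$CERT_NAME" \
    -keystore "$STORE_NAME" \
    -file "$CERT_PATH" \
    -storepass "$STOREPASS" \
    -noprompt

echo 'Adding certificate to java cacerts'
sudo keytool \
    -import \
    -alias "$CERT_NAME" \
    -file "$CERT_PATH" \
    -keystore "$KEYSTORE" \
    -storepass "$STOREPASS" \
    -noprompt

echo 'Checking if added...'
sudo keytool \
    -list -v \
    -alias "$CERT_NAME" \
    -keystore "$KEYSTORE" \
    -storepass "$STOREPASS"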