Original article: https://www.novatec-gmbh.de/en/blog/spring-boot-applications-tls-http2/
-
Creating the root certificate
keytool -genkeypair -alias root-ca -keyalg RSA -keysize 3072 -ext BC:c=ca:true -keystore ./root-ca/ca.jks -storepass secret -keypass secret
-
Exporting the root certificate
keytool -exportcert -alias root-ca -keystore ./root-ca/ca.jks -rfc -file ./root-ca/ca.pem -storepass secret
-
Creating the server certificate
keytool -genkeypair -alias localhost -keyalg RSA -keysize 3072 -dname "CN=com.tsfreitas.client,OU=Development,O=My Organization,C=BR" -ext BC:c=ca:false -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore ./server/server.jks -storepass secret -keypass secret
-
Creating the certificate signing request (CSR) for the server certificate
keytool -certreq -alias localhost -keystore ./server/server.jks -file ./server/server.csr -storepass secret -keypass secret
-
Signing the CSR with the root CA and exporting the signed certificate
keytool -gencert -alias root-ca -keystore ./root-ca/ca.jks -infile ./server/server.csr -rfc -outfile ./server/server.pem -storepass secret -keypass secret
-
Importing the root certificate into the server keystore
keytool -importcert -noprompt -alias root-ca -keystore ./server/server.jks -file ./root-ca/ca.pem -storepass secret -keypass secret
-
Importing the signed certificate into the server keystore
keytool -importcert -noprompt -alias localhost -keystore ./server/server.jks -file ./server/server.pem -storepass secret -keypass secret
- Go to chrome://settings/certificates -> Authorities -> Import and select the file ./root-ca/ca.pem
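-
Checking the result, as an added example that is not part of the original notes: the function below reads `keytool -list -v` output and confirms that the `localhost` entry is a private-key entry with a chain of at least two certificates, a CA-issued (not self-signed) leaf, and a SAN DNSName for localhost, which is what the browser matches the host name against. The sample listing and its root DN `CN=Example Root CA` are constructed, and the field labels assume keytool's English-locale output.

```shell
# Audits text printed by: keytool -list -v -keystore ./server/server.jks -storepass secret
# Field labels are assumed to match keytool's English-locale output.
# check_server_entry ALIAS DNSNAME (listing on stdin): one FAIL line per finding,
# exit status 0 only when there are none.
check_server_entry() {
  awk -v alias="$1" -v dns="$2" '
    function bad(msg) { print "FAIL: " msg; n++ }
    /^Alias name: / { in_entry = ($3 == alias); if (in_entry) found = 1; next }
    !in_entry { next }
    /^Entry type: / { type = $3 }
    /^Certificate chain length: / { chain = $4 }
    /^Certificate\[/ { cert++ }
    cert == 1 && /^Owner: / { owner = substr($0, 8) }
    cert == 1 && /^Issuer: / { issuer = substr($0, 9) }
    cert == 1 && /^SubjectAlternativeName/ { in_san = 1; next }
    in_san && /^\]/ { in_san = 0 }
    in_san && $1 == "DNSName:" && $2 == dns { san_ok = 1 }
    END {
      if (!found) { bad("alias " alias " not in listing") } else {
        if (type != "PrivateKeyEntry") bad("entry type is " type)
        if (chain + 0 < 2) bad("chain length " (chain + 0) ", CA chain not imported")
        if (owner == issuer) bad("leaf is self-signed: " owner)
        if (!san_ok) bad("leaf has no SAN DNSName " dns)
      }
      exit (n > 0)
    }'
}

# Constructed sample (not real keytool output), trimmed to the fields read above.
# "CN=Example Root CA" is a placeholder; the notes do not give the root's DN.
sample_listing() {
  cat <<'EOF'
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=com.tsfreitas.client, OU=Development, O=My Organization, C=BR
Issuer: CN=Example Root CA
SubjectAlternativeName [
  DNSName: localhost
  IPAddress: 127.0.0.1
]
Certificate[2]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}

sample_listing | check_server_entry localhost localhost && echo "server entry OK"
```

Against the real keystore: `keytool -list -v -keystore ./server/server.jks -storepass secret | check_server_entry localhost localhost`.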