The following set of commands will generate:
- Two (2) .jks files: clientKeystore.jks and serverKeystore.jks.
- Two (2) .cer files: clientcert.cer and servercert.cer
Replace the following accordingly:
{FULL_PATH} - the path where you want to place all the generated files
{NUMBER_OF_DAYS} - the number of days the certificates will be valid (e.g. 2 years = 730, 5 years = 1825)
{CLIENT_STORE_PASS} - password for accessing clientKeystore.jks
{CLIENT_KEY_PASS} - password for the self-signed certificate alias myclientkey
{SERVER_STORE_PASS} - password for accessing serverKeystore.jks
{SERVER_KEY_PASS} - password for the self-signed certificate alias myserverkey
{DN} - the distinguished name, e.g. cn=Example, ou=ExampleUnit, o=ExampleOrg, c=PH
Additional details you may wish to replace:
myclientkey - alias name for the client self-signed certificate
myserverkey - alias name for the server self-signed certificate
clientKeystore.jks - name of the client keystore
serverKeystore.jks - name of the server keystore
clientcert.cer - name of the exported client certificate
servercert.cer - name of the exported server certificate
For more details please see:
http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html
# 1. Generate a self-signed RSA key pair in each keystore
keytool -genkey -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}
keytool -genkey -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}
# 2. Export each certificate (public part only) to a .cer file
keytool -exportcert -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -storepass {CLIENT_STORE_PASS} -file {FULL_PATH}/clientcert.cer
keytool -exportcert -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -storepass {SERVER_STORE_PASS} -file {FULL_PATH}/servercert.cer
# 3. Import each side's certificate into the other side's keystore as a trusted entry
keytool -importcert -keystore {FULL_PATH}/clientKeystore.jks -storetype JKS -alias myserverkey -file {FULL_PATH}/servercert.cer -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}
keytool -importcert -keystore {FULL_PATH}/serverKeystore.jks -storetype JKS -alias myclientkey -file {FULL_PATH}/clientcert.cer -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}
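
A check to run after the commands above, as an added example that is not part of the original page: it reads the text printed by keytool -list for each keystore and confirms that each store holds its own private key, holds the peer only as a trusted certificate, and that the fingerprints match across the two stores. The function names entry_info and verify_pair are hypothetical, the listings are constructed, and the parser assumes keytool's default listing layout (alias, date, entry type on one line, fingerprint on the next).

```sh
# Added example: check the output of `keytool -list -keystore <store> -storepass <pass>`
# for both stores. Listings below are constructed; fingerprints are short placeholders.

# entry_info ALIAS: reads a listing on stdin, prints "<entry type> <fingerprint>".
entry_info() {
    awk -v want="$1" -F', ' '
        found && /fingerprint/ { sub(/^[^:]*: */, ""); print type, $0; exit }
        $1 == want && /Entry/ {
            for (i = NF; i > 1; i--)
                if ($i ~ /Entry/) { type = $i; sub(/,? *$/, "", type); found = 1; break }
        }'
}

# verify_pair CLIENT_LISTING SERVER_LISTING: succeeds only if each store holds its
# own private key, holds the peer as a certificate only, and that trusted
# certificate has the same fingerprint as the peer's own key entry.
verify_pair() {
    c_own=$(printf '%s\n' "$1" | entry_info myclientkey)
    c_peer=$(printf '%s\n' "$1" | entry_info myserverkey)
    s_own=$(printf '%s\n' "$2" | entry_info myserverkey)
    s_peer=$(printf '%s\n' "$2" | entry_info myclientkey)
    [ "${c_own%% *}" = PrivateKeyEntry ] && [ "${s_own%% *}" = PrivateKeyEntry ] &&
    [ "${c_peer%% *}" = trustedCertEntry ] && [ "${s_peer%% *}" = trustedCertEntry ] &&
    [ "${c_peer#* }" = "${s_own#* }" ] && [ "${s_peer#* }" = "${c_own#* }" ]
}

CLIENT_OK='Your keystore contains 2 entries

myserverkey, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 5E:00:00:01
myclientkey, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): C1:00:00:02'
SERVER_OK='Your keystore contains 2 entries

myclientkey, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): C1:00:00:02
myserverkey, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 5E:00:00:01'
# Failure case: the server store trusts a certificate that is not the client's.
SERVER_STALE='Your keystore contains 2 entries

myclientkey, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): C1:00:00:FF
myserverkey, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 5E:00:00:01'

verify_pair "$CLIENT_OK" "$SERVER_OK" && echo "keystores cross-trust correctly"
verify_pair "$CLIENT_OK" "$SERVER_STALE" || echo "mismatch: re-export and re-import"
```

Against real keystores, pass the captured output of keytool -list for clientKeystore.jks and serverKeystore.jks as the two arguments to verify_pair.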