Skip to main content

Creating the client keystore

openssl req -x509 -days 36525 -newkey rsa:2048 -sha256 -keyout clientkey.pem 
   -out clientcert.pem -passout pass:cspass
This command is interactive. Enter the answers for the following questions, for example:
Country Name - US
State or Province Name - New York
Locality Name - Niagara Falls
Organization Name - Sample Client -- NOT FOR PRODUCTION
Organizational Unit Name - IT Department
Common Name - www.client.com
Email Address - client@client.com
openssl pkcs12 -export -inkey clientkey.pem -in clientcert.pem 
   -out client.p12 
   -name myclientkey -passin pass:cspass -passout pass:ckpass
keytool -importkeystore -destkeystore clientstore.jks -deststoretype jks -deststorepass  
   cspass -deststoretype jks -srckeystore client.p12 
   -srcstorepass ckpass -srcstoretype pkcs12
keytool -list -keystore clientstore.jks -storepass cspass -v
keytool -exportcert -alias myclientkey -storepass cspass -keystore 
   clientstore.jks -file client.cer 
keytool -printcert -file client.cer
rm *.pem *.p12

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!