Note: given the rm commands below, it is probably best to create a new directory and navigate to it before running these commands from a terminal window.
rm *.p12 *.pem *.jks *.cer
openssl req -x509 -days 3650 -newkey rsa:1024 -keyout servicekey.pem -out servicecert.pem -passout pass:<PW-Sk>
When running this openssl command, enter any geographic and company information desired, the key password in passout, and a common name of your choice (perhaps servicecn for the service and clientcn for the client).
openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name myservicekey -passin pass:<PW-Sk> -passout pass:<PW-Sk>
This creates a pkcs12 certificate. Note the <PW-Sk> value will be used both for the keystore and the private key itself.
keytool -importkeystore -destkeystore servicestore.jks -deststorepass <PW-Sk> -deststoretype jks -srckeystore service.p12 -srcstorepass <PW-Sk> -srcstoretype pkcs12 # See Note 3
This places the certificate in a new JKS keystore. The keystore's password is changed here to <PW-Sk>, but the private key's password retains the earlier value of <PW-Sk>.
keytool -list -keystore servicestore.jks -storepass <PW-Sk> -v
The list command is just to show the keys presently in the keystore.
keytool -exportcert -alias myservicekey -storepass <PW-Sk> -keystore servicestore.jks -file service.cer
keytool -printcert -file service.cer
rm *.pem *.p12
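
The script below is an added example, not part of the original page: it repeats the two openssl steps non-interactively in a scratch directory and confirms that the private key matches the certificate and that the PEM, PKCS#12 and DER copies carry the same SHA-256 fingerprint. The password value, the -subj subject, the 2048-bit key size (the page uses rsa:1024) and the function names are assumptions, and the DER file is produced with openssl as a stand-in for the keytool export.

```shell
#!/bin/sh
# Added example. PW is a constructed stand-in for <PW-Sk>; all files are scratch files.
PW='constructed-example-pw'

# SHA-256 fingerprint of a certificate file; $2 is the encoding: pem (default) or der.
cert_fp() {
    openssl x509 -in "$1" -inform "${2:-pem}" -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the end-entity certificate held in a PKCS#12 file.
p12_fp() {
    openssl pkcs12 -in "$1" -passin "pass:$PW" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only when the private key's public half equals the certificate's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin "pass:$PW" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Repeats the page's two openssl steps in a scratch directory, then checks each artifact.
# service.cer here is an openssl-made DER copy (keytool -exportcert writes DER unless -rfc).
build_and_check() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -days 3650 -newkey rsa:2048 -subj "/CN=servicecn" \
        -keyout "$d/servicekey.pem" -out "$d/servicecert.pem" \
        -passout "pass:$PW" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/servicekey.pem" -in "$d/servicecert.pem" \
        -out "$d/service.p12" -name myservicekey \
        -passin "pass:$PW" -passout "pass:$PW" &&
    openssl x509 -in "$d/servicecert.pem" -outform der -out "$d/service.cer" &&
    fp=$(cert_fp "$d/servicecert.pem") && [ -n "$fp" ] &&
    key_matches_cert "$d/servicekey.pem" "$d/servicecert.pem" &&
    [ "$fp" = "$(p12_fp "$d/service.p12")" ] &&
    [ "$fp" = "$(cert_fp "$d/service.cer" der)" ]
    rc=$?
    rm -rf "$d"
    return "$rc"
}

build_and_check && echo "key, PEM, PKCS#12 and DER copies agree"
```

For the real files from the procedure, cert_fp service.cer der gives a value to compare with the SHA256 fingerprint printed by keytool -printcert -file service.cer.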