基本使用关键工具生成密钥对,CSR,并使用root ca和导入证书回复进行签名
#"Generate key pair"
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore mykeystore.jks -keypass jks123 -storepass jks123 -storetype JKS
#"Generate cert request(CSR)"
keytool -certreq -alias mykey -file my.csr -storetype JKS -keystore mykeystore.jks -keypass jks123 -storepass jks123
#"Create root ca key and ca cert using openssl"
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -out cacert.crt -outform PEM -keyout cakey.pem
#"Import ca cert to keystore as trust CRT"
keytool -importcert -alias root-ca -file cacert.crt -keystore mykeystore.jks -storepass jks123 -storetype JKS
#"Sign the CSR using self signed root CA created in step 3"
openssl x509 -req -days 365 -in my.csr -CA cacert.crt -CAkey cakey.pem -set_serial 300661 -out my.crt
#Import the signed certifcate to key store"
keytool -v -importcert -alias mykey -file my.crt -trustcacerts -storetype JKS -keystore mykeystore.jks -keypass jks123 -storepass jks123
#list key store
keytool -v -list -storetype JKS -keystore mykeystore.jks -keypass jks123 -storepass jks123