Create Java KeyStore

this section shows how to use the java keytool commands to generate a new key pair on the {{vectera}} , create a certificate signing request (csr), issue a certificate through an internal or external ca, and import the signed certificate and its accompanying ca certificate into a java keystore these steps ensure that you can use apksigner and the signed certificate to sign an apk file in the next section the keytool application is included in the jdk installation, so you can run the keytool commands in this section with no additional configuration generate a key pair and certificate perform the following steps to generate a server key pair and self signed certificate execute the following command keytool genkeypair keyalg rsa keysize 2048 alias apksignerdemo keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex the alias field sets a name to identify the key pair and certificate to be generated it can be any name (for example, apksignerdemo ) when prompted for the keystore password, enter the identity password configured inside the \<crypto opr pass> tag in the fxpkcs11 cfg file when prompted, answer questions about the server certificate shown in the following example, which all keytool and jarsigner commands moving forward use what is your first and last name? \[unknown] www example com what is the name of your organizational unit? \[unknown] engineering what is the name of your organization? \[unknown] futurex what is the name of your city or locality? \[unknown] bulverde what is the name of your state or province? \[unknown] tx what is the two letter country code for this unit? \[unknown] us is cn=www example com, ou=engineering, o=futurex, l=bulverde, st=tx, c=us correct? \[no] yes generate and export a csr perform the following steps to generate and export a certificate signing request (csr) to generate and export a csr, run the following command keytool certreq alias apksignerdemo file example csr keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex when prompted for the keystore password, enter the identity password configured inside the \<crypto opr pass> tag in the fxpkcs11 cfg file get the csr signed by a ca, either third party or internal after it is signed, the server certificate returned by the ca is imported along with the ca certificate import a certificate perform the following steps to import a ca root certificate to import the ca root certificate, run the following command keytool import trustcacerts alias apksignerdemoca keystore none file ssl ca cert pem storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex when prompted for the keystore password, enter the identity password configured inside the \<crypto opr pass> tag in the fxpkcs11 cfg file when prompted to trust the certificate, enter yes trust this certificate? \[no] yes certificate was added to keystore import a signed certificate perform the following steps to import a server certificate signed by a ca to import the signed server certificate, run the following command keytool importcert alias keytooldemo keystore none file signed example cert pem storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex when prompted for the keystore password, enter the identity password configured inside the \<crypto opr pass> tag in the fxpkcs11 cfg file if the command succeeds, you should see an output similar to the following certificate reply was installed in keystore