Create a Java keystore

5min

this section shows how to use the java keytool commands to generate a new key pair on the {{vectera}} , create a certificate signing request (csr), issue a certificate through an internal or external ca, and import the signed certificate and its accompanying ca certificate into a java keystore these steps ensure that you can use apksigner and the signed certificate to sign an apk file in the next section the jdk 8 installation includes the keytool application, so you can run the keytool commands in this section with no additional configuration generate a key pair and certificate perform the following steps to generate a server key pair and self signed certificate execute the following command the alias field sets a name to identify the key pair and certificate to be generated it can be any name (for example, apksignerdemo ) keytool genkeypair keyalg rsa keysize 2048 alias apksignerdemo keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex when prompted, answer questions about the server certificate shown in the following example and enter the keystore password, which all keytool and jarsigner commands use moving forward what is your first and last name? \[unknown] www example com what is the name of your organizational unit? \[unknown] engineering what is the name of your organization? \[unknown] futurex what is the name of your city or locality? \[unknown] bulverde what is the name of your state or province? \[unknown] tx what is the two letter country code for this unit? \[unknown] us is cn=www example com, ou=engineering, o=futurex, l=bulverde, st=tx, c=us correct? \[no] yes generate and export a csr perform the following steps to generate and export a csr to generate and export a csr, run the following command keytool certreq alias apksignerdemo file example csr keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex enter the keystore password get the csr signed by a ca, either third party or internal after it is signed, the server certificate returned by the ca is imported along with the ca certificate import a ca root certificate perform the following steps to import a ca root certificate to import the ca root certificate, run the following command keytool import trustcacerts alias apksignerdemoca keystore none file ssl ca cert pem storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex enter the keystore password when prompted to trust the certificate, enter yes trust this certificate? \[no] yes certificate was added to keystore import a server certificate perform the following steps to import a server certificate signed by a ca to import the signed server certificate, run the following command keytool importcert alias keytooldemo keystore none file signed example cert pem storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex enter the keystore password if the command succeeds, you should see an output similar to the following certificate reply was installed in keystore

Edit the Futurex PKCS #11 Configuration File

Sign APKs with Android APKSigner by using Futurex PKCS #11