Code signing
Java Jarsigner
Create Java keystore
In this section, you use Java keytool commands to generate a new key pair on the {{k3}}, create a certificate signing request (CSR), issue a certificate through an internal or external CA, and import the signed certificate and accompanying CA certificate into a Java keystore. These tasks enable you to use the signed certificate to sign a JAR file by using jarsigner in the next section.

Because the keytool application is part of the JDK 8 installation, you don't need extra configuration to run the commands in this section.

1 | Generate a server key pair and self-signed certificate

Run the following command to generate the key pair and certificate. The alias field sets a name to identify the key pair and certificate being generated. It can be any name (such as jarsignerdemo).

```shell
keytool -genkeypair -keyalg RSA -keysize 2048 -alias jarsignerdemo -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -ext ExtendedKeyUsage=codeSigning -ext KeyUsage=digitalSignature
```

When you run the preceding command, the keytool application first asks for the keystore password (the password that you set here will be used in all keytool and jarsigner commands moving forward). It then prompts you for information about the server certificate you want to generate, as shown in the following sample:

```
What is your first and last name?
  [Unknown]:  www.example.com
What is the name of your organizational unit?
  [Unknown]:  Engineering
What is the name of your organization?
  [Unknown]:  Futurex
What is the name of your City or Locality?
  [Unknown]:  Bulverde
What is the name of your State or Province?
  [Unknown]:  TX
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=www.example.com, OU=Engineering, O=Futurex, L=Bulverde, ST=TX, C=US correct?
  [no]:  yes
```

2 | Generate and export a CSR

Execute the following command:

```shell
keytool -certreq -alias jarsignerdemo -file example.csr -keystore NONE -storetype PKCS11 -providername "Futurex" -providerclass "fx.security.pkcs11.SunPKCS11"
```

Enter the keystore password when prompted. Use either a third-party or internal CA to sign the CSR.

3 | Import the CA root certificate

Run the following command to import the certificate:

```shell
keytool -import -trustcacerts -alias jarsignerdemoca -keystore NONE -file ssl-ca-cert.pem -storetype PKCS11 -providername "Futurex" -providerclass "fx.security.pkcs11.SunPKCS11"
```

Enter the keystore password and confirm that you trust the certificate:

```
Enter keystore password:
Trust this certificate? [no]:  yes
Certificate was added to keystore
```

4 | Import the certificate signed by the CA

Run the following command to import the signed certificate:

```shell
keytool -importcert -alias jarsignerdemo -keystore NONE -file signed-example-cert.pem -storetype PKCS11 -providername "Futurex" -providerclass "fx.security.pkcs11.SunPKCS11"
```

Enter the keystore password. On success, keytool reports:

```
Certificate reply was installed in keystore
```
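A check worth running after step 4, as an added example that is not part of the original page: the function below audits `keytool -list -v` output and confirms that the alias is a private key entry, that the CA reply replaced the self-signed certificate from step 1, and that the leaf certificate carries the key usages requested there. The function name `check_signing_entry` is hypothetical, and the sample listings are constructed, not real HSM output.

```shell
# Added example (not from the original page): audit `keytool -list -v` output for one alias.
# Reads keytool output on stdin; returns 0 only when every check passes.
check_signing_entry() {
    awk -v alias="$1" '
        /^Alias name: /               { in_entry = ($3 == alias) }
        !in_entry                     { next }
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { chain = $4 }
        /^Certificate\[/              { cert++ }
        # Only the leaf certificate (Certificate[1]) is inspected below.
        cert == 1 && /^Owner: /          { owner = substr($0, 8) }
        cert == 1 && /^Issuer: /         { issuer = substr($0, 9) }
        cert == 1 && /codeSigning/       { eku = 1 }
        cert == 1 && /DigitalSignature/  { ku = 1 }
        END {
            if (type != "PrivateKeyEntry") { print "FAIL: alias missing or not a PrivateKeyEntry"; bad = 1 }
            if (chain + 0 < 2 || owner == issuer) { print "FAIL: still self-signed, CA reply not installed"; bad = 1 }
            if (!eku) { print "FAIL: no codeSigning extended key usage"; bad = 1 }
            if (!ku)  { print "FAIL: no DigitalSignature key usage"; bad = 1 }
            if (!bad) print "OK: " alias " is CA-signed and usable for code signing"
            exit bad + 0
        }'
}

# Constructed sample: trimmed `keytool -list -v` listing as expected after step 4.
GOOD_SAMPLE='Alias name: jarsignerdemo
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, O=Futurex, C=US
Issuer: CN=Example Internal CA
ExtendedKeyUsages [
  codeSigning
]
KeyUsage [
  DigitalSignature
]
Certificate[2]:
Owner: CN=Example Internal CA
Issuer: CN=Example Internal CA'

# Constructed failure case: the same entry before the CA reply is imported (step 1 state).
SELF_SIGNED_SAMPLE=$(printf '%s\n' "$GOOD_SAMPLE" | sed \
    -e 's/length: 2/length: 1/' -e '/^Certificate\[2\]/,$d' \
    -e 's/^Issuer: .*/Issuer: CN=www.example.com, O=Futurex, C=US/')

printf '%s\n' "$GOOD_SAMPLE" | check_signing_entry jarsignerdemo
printf '%s\n' "$SELF_SIGNED_SAMPLE" | check_signing_entry jarsignerdemo || true
```

Against the real keystore, pipe `keytool -list -v -alias jarsignerdemo` (with the same `-keystore`, `-storetype`, `-providername` and `-providerclass` options used in the steps above) into `check_signing_entry jarsignerdemo`.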