This procedure uses the Java keytool utility to generate a key and save it to a Java keystore.
NOTE:
I need to create a keystore and truststore with root-signed certificates. I have these files (at this step they are identical for client and for server): clientcert.pem clientprvkey.pem rootcer.
When you are working with Java applications and Java-based servers, you may need to configure a Java keystore (JKS) file. A self-signed keystore can be created easily with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a keystore with just one keytool command. The .crt and .key files represent both parts of a certificate: the .key file is the private key of the certificate and the .crt file is the signed certificate. That is only one of the ways to generate certificates; another is to have both inside a PEM file, or in a p12 container.
The CA you use might have specific options required for creating an HTTPS certificate. Review the instructions provided by the CA before creating your key pair.
DSA keys used in Reflection Gateway server certificates must be either 2048 or 3072 bits. RSA keys must be between 2048 and 4096 bits.
To generate a new public/private key pair in a Java keystore
Use the -genkeypair option to generate a key and save it to a Java keystore (newkeystore.jks in this example). The example shown here prompts you to enter values for items that make up the distinguished name (DN) in the certificate. See the example below to enter these values directly on the command line.
The keytool prompts you to enter a password and values for the items that make up the distinguished name (DN) in the certificate (name = CN, organizational unit = OU, organization = O, city or locality = L, state or province = S, two letter country code = C). The generated DN will use the value 'Unknown' for any fields you don't specify.
When you are prompted with 'What is your first and last name?'
You must enter the DNS name that is used to access the Reflection Gateway server (for example gateway.mycompany.com). This value is used as the CN (Common Name) in the certificate. If the CN in a certificate doesn't match the actual DNS name used to access the server, you will see a certificate warning when you connect to the server.
When you are prompted with 'What is the two-letter country code for this unit?'
You must enter a valid two-letter country code (for example US).
When you are prompted for a password for the alias, press Enter to use the same password you used for the keystore.
An alternate option to responding to prompts is to specify the DN value on the command line using the -dname option. For example:
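The following is an added example, not the vendor's own command: it checks the key limits and DN rules described on this page before calling keytool with -dname. The function names, the alias gateway and the sample DN values are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample values are constructed.

# Key limits stated on this page: DSA 2048 or 3072 bits, RSA 2048 to 4096 bits.
valid_key() {  # usage: valid_key ALG BITS
  case "$2" in ''|*[!0-9]*) return 1 ;; esac
  case "$1" in
    RSA) [ "$2" -ge 2048 ] && [ "$2" -le 4096 ] ;;
    DSA) [ "$2" -eq 2048 ] || [ "$2" -eq 3072 ] ;;
    *)   return 1 ;;
  esac
}

# Shape checks only: the CN must look like a DNS host name (not a person's
# name), and the country code must be two capital letters.
valid_cn() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq \
    '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}
valid_country() { printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Z]{2}$'; }

# Backslash-escape characters that would otherwise split a DN value,
# for example the comma in "My Company, Inc.".
dn_escape() { printf '%s' "$1" | sed 's/[,+"\\<>;]/\\&/g'; }

# ST is the attribute name keytool prints for state or province.
build_dname() {  # usage: build_dname CN OU O L ST C
  valid_cn "$1" && valid_country "$6" || return 1
  printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
    "$1" "$(dn_escape "$2")" "$(dn_escape "$3")" \
    "$(dn_escape "$4")" "$(dn_escape "$5")" "$6"
}

generate_keypair() {  # usage: generate_keypair KEYSTORE ALIAS ALG BITS DNAME
  valid_key "$3" "$4" || { echo "key type/size not allowed: $3 $4" >&2; return 1; }
  # No -storepass/-keypass: keytool prompts for them, so the password stays
  # out of shell history and the process list.
  keytool -genkeypair -keystore "$1" -alias "$2" \
    -keyalg "$3" -keysize "$4" -dname "$5"
}

# Example call (run by hand; keytool must be on PATH):
#   dn=$(build_dname gateway.mycompany.com IT 'My Company, Inc.' Seattle WA US) &&
#   generate_keypair newkeystore.jks gateway RSA 2048 "$dn"
```

With -dname supplied, keytool skips the name prompts but still asks for the keystore and key passwords.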