How to generate keystore and truststore

4 décembre 2020 à 14:14

Allez on le note, on sait jamais...

1.Generate keystore(At server):

keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048

2.Generate new ca-cert and ca-key:

openssl req -new -x509 -keyout ca-key -out ca-cert

3.Extracting cert/creating cert sign req(csr):

keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file

4.Sign the “cert-file” and cert-signed wil be the new cert:

openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:yourpass

5.importing the ca-cert to keystore file:

keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert

6.import cert-signed to keystore:

keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed

7.Copy ca-cert into client machine and generate truststore: (At client)

keytool -keystore truststore.jks -alias bmc -import -file ca-cert

8.Copy ca-cert into client machine and generate truststore: (At server)

keytool -keystore truststore.jks -alias bmc -import -file ca-cert-c