keytool  -keystore  [keystore file name]  -alias [domain]  -genkey  -keyalg  RSA

keytool  -keystore  myKeystore.jks  -alias aspire  -genkey  -keyalg  RSA

Enter keystore password: myKeystorePassword
Re-enter new password: myKeystorePassword

What is your first and last name?
  [Unknown]:  my-pc.search.local

What is the name of your organizational unit?
  [Unknown]:

What is the name of your organization?
  [Unknown]:

What is the name of your City or Locality?
  [Unknown]:

What is the name of your State or Province?
  [Unknown]:

What is the two-letter country code for this unit?
  [Unknown]:

Is CN=my-pc.search.local, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
 
Enter key password for <aspire>
        (RETURN if same as keystore password): myKeyPassword
Re-enter new password: myKeyPassword

The certificate needs to be installed in the server machine, otherwise the SSL will not work. the installation of the certificate varies among operating systems

This certificate is enough to run SSL. However, this certificate we generated will not be trusted by the browser unless we request a well known Certificate Authority (CA) to sign our key/certificate. Among them are: AddTrust, Entrust, GeoTrust, RSA Data Security, Thawte, ,VISA, ValiCert, Verisign and beTRUSTed.

keytool -list -v -keystore [keystore file name]

keytool -list -v -keystore keystore.jks
Enter keystore password:


Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: aspire
Creation date: Mar 19, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=loacalhost, OU=Content Analytics, O=Accenture, L=Heredia, ST=Heredia, C=CR
Issuer: CN=loacalhost, OU=Content Analytics, O=Accenture, L=Heredia, ST=Heredia, C=CR
Serial number: 6d395d90
Valid from: Thu Mar 19 10:44:56 CST 2020 until: Wed Jun 17 10:44:56 CST 2020
Certificate fingerprints:
         SHA1: E8:E9:3D:BB:C6:BD:E8:B2:11:96:56:07:53:39:DD:42:44:E4:3F:F5
         SHA256: A3:3E:7B:D8:76:18:A2:D0:19:13:94:AB:4F:CB:6A:98:59:39:53:C8:E1:21:14:FF:87:0C:86:05:BE:DF:16:D2
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D F7 1B 37 94 DA F9 34   03 84 FE E2 33 3E F3 7B  =..7...4....3>..
0010: D9 C1 62 74                                        ..bt
]
]



*******************************************
*******************************************

keytool -export -alias [domain]  -file [filename for certificate] -keystore [keystore file name]

keytool -export -alias aspire -file aspire.crt -keystore keystore.jks
Enter keystore password:
Certificate stored in file <aspire.crt>

This solution requires OpenSSL to be installed in the machine

generate-ssl-certs.bat --generate [domain] [password] [folder_path]

generate-ssl-certs.bat must be run from the bin directory. If you run from another directory, it appears to work but will not write all the certificate files (in fact it writes the key files only)

generate-ssl-certs.bat --generate aspire-cert 123456
Location: C:\Users\test\Desktop


Generating CA
Generating Server Certificate
Generating Client Certificate

Make sure the keystore file is not placed in "/config/certs" folder of your distribution. Only X509 certificates should be placed in this location.

keytool -v -importkeystore -srckeystore client/client.p12 -srcstoretype PKCS12 -destkeystore myKeystore.jks -deststoretype JKS

keytool -import -file ca/ca.crt -keystore myKeystore.jks