Server keystore & truststore generation
Regenerate server.crt out of the server.key (please do not change CN):
openssl req -x509 -key server.key -out ./server.crt -days 3650 -nodes -subj "/C=CH/ST=Berne/L=Berne/O=Hitachi Power Grids Switzerland Ltd./OU=PGGA,PG/CN=localhost"
We will use also the server certificate as certification authority for all other generated certificates:
cp server.crt diracCA.crt
We add serverCA to the trust store:
keytool -noprompt -import -file diracCA.crt -alias diracCA -keystore server_truststore.jks -storepass changeit
And we create a PKCS12 keystore containing private key and related self-sign certificate:
openssl pkcs12 -export -password pass:changeit -in diracCA.crt -inkey server.key -out server_keystore.p12
At the end of this step we should have following files:
[dirac@nmssrv dirac]$ ll
-rw-rw-r--. 1 dirac dirac 1415 May 5 06:28 diracCA.crt
-rw-rw-r--. 1 dirac dirac 1415 May 5 06:19 server.crt
-rw-r-----. 1 dirac dirac 1704 May 5 06:17 server.key
-rw-------. 1 dirac dirac 2605 May 5 06:29 server_keystore.p12
-rw-rw-r--. 1 dirac dirac 1298 May 5 06:29 server_truststore.jks