Elliptical Curve (ECC) Certificate for a Certificate Authority (CA) w/ JCEKS Keystore
Here is how to create keys and the keystore Size of keypair - Range from 112 to 571 (inclusive) - Default is 256
Copy keytool -genkeypair -keysize 521 -sigalg SHA512withECDSA -keyalg EC -alias serverkey -keypass changeit -validity 365 -dname "CN=Name,OU=IT,O=Mega,L=Planet,ST=CO,C=US" -storetype jceks -keystore this.keystore -storepass changeit
Check the keys and keystore creation
Copy keytool -list -v -keystore this.keystore -storetype jceks -storepass changeit
Create a Certificate Signing Request (CSR) for a Certificate Authority (CA)
Copy keytool -certreq -v -file site.csr -sigalg SHA384withECDSA -alias serverkey -keypass changeit -keystore this.keystore -storetype jceks -storepass changeit -ext san=dns:server.example.com,dns:server,ip:10.10.10.10,ip:::1
Check the Certificate Signing Request (CSR) for Certified Authority (CA)
Copy keytool -printcertreq -file site.csr
Check the Certificate from the CA where the CSR was signed
Copy keytool -printcert -file site.cer or .pem
Import the Root Certificate from the Certificate Authority (CA) to the KeyStore
Copy Keytool -import -trustcacerts -alias CAroot -keystore this.keystore -file CARoot.cer -storetype jceks -storepass changeit
Import the Intermediate Certificate(s) from the Certificate Authority (CA) to the KeyStore
Copy Keytool -import -trustcacerts -alias CAinter1 -keystore this.keystore -file CAInter.cer -storetype jceks -storepass changeit
Import the Site/Server Certificate from the Certificate Authority (CA) to the KeyStore
Copy keytool -importcert -alias sitecert -file site.pem -storetype jceks -keystore this.keystore -storetype jceks -storepass changeit