Creating a RSA Certificate for a Certificate Authority (CA) w/ PKCS12 Keystore

RSA Certificate for a Certificate Authority (CA) w/ PKCS12 Keystore

Here is how to create the keys and keystore
keytool -genkeypair -keysize 4096 -sigalg SHA512withRSA -keyalg RSA -alias serverkey -keypass changeit -validity 365 -dname "CN=Name,OU=IT,O=Mega,L=Planet,ST=CO,C=US" -storetype pkcs12 -keystore that.keystore -storepass changeit
Check the keys and keystore creation
keytool -list -v -keystore that.keystore -storetype pkcs12 -storepass changeit
Create a Certificate Signing Request (CSR) for a Certificate Authority (CA)
keytool -certreq -v -file site.csr -sigalg SHA384withRSA -alias serverkey -keypass changeit -keystore that.keystore -storetype pkcs12 -storepass changeit -ext san=dns:server.example.com,dns:server,ip:10.10.10.10,ip:::1 
Check the Certificate Signing Request (CSR) for Certified Authority (CA)
keytool -printcertreq -file site.csr 
Check the Certificate from the CA where the CSR was signed
keytool -printcert -file site.cer or .pem
Import the Private Root Certificate from the Client Certificate Authority (CA) to the KeyStore
Keytool -import -trustcacerts -alias privroot -keystore that.keystore -file CARoot.cer -storepass changeit -storetype pkcs12 
Import the Private Intermediate Certificate from the Client Certificate Authority (CA) to the KeyStore
Keytool -import -trustcacerts -alias privinter1 -keystore that.keystore -file CAInter.cer  -storetype pkcs12 -storepass changeit -storetype pkcs12 
Import the Site/Server Certificate from the Client Certificate Authority (CA) to the KeyStore
keytool -importcert -alias sitecert -file site.pem -storetype pkcs12 -keystore that.keystore -storetype pkcs12 -storepass changeit -storetype pkcs12