Link [https://support.sonatype.

com/hc/en-us/articles/213465768-SSL-Certificate-
Guide]

ln -s /opt/jdk1.8.0_202/bin/keytool /usr/local/bin/keytool

# Generate public private key pair using keytool:

keytool -genkeypair -keystore keystore.jks -storepass password -keypass password -

alias jetty -keyalg RSA -keysize 2048 -validity 5000 -dname
"CN=repo.maven9x.ocp.lab, OU=Shashank, O=Sonatype, L=Hanoi, ST=Hanoi, C=VN" -ext
"SAN=DNS:repo.maven9x.ocp.lab,IP:192.168.2.176" -ext "BC=ca:true"

keytool -importkeystore -srckeystore keystore.jks -srcstorepass password -

destkeystore keystore.jks -deststoretype pkcs12

# Generate PEM encoded public certificate file using keytool:

keytool -exportcert -keystore keystore.jks -storepass password -alias jetty -rfc >
keystore.cert

# Convert our Java specific keystore binary".jks" file to a widely compatible

PKCS12 keystore ".p12" file

keytool -importkeystore -srckeystore keystore.jks -srcstorepass password -

destkeystore keystore.p12 -deststoretype PKCS12 -deststorepass password -srcalias
jetty -destalias jetty -srckeypass password -destkeypass password

# List and verify new keystore file contents

keytool -list -v -keystore keystore.jks -storepass password

keytool -list -keystore keystore.p12 -storetype PKCS12 -storepass password

# (Optional) Extract pem (certificate) from ".p12" keystore file ( this is same as
step 2, but openssl spits out more verbose contents ):

openssl pkcs12 -nokeys -in keystore.p12 -out keystore.pem -legacy -passin

pass:password

#Extract unencrypted private key file from ".p12" keystore file:

openssl pkcs12 -nocerts -nodes -in keystore.p12 -out keystore.key -legacy -passin
pass:password
#####

keytool -printcert -sslserver maven9x-quay.ocp.lab:8443 -rfc