Hi,
A short “HowTo” today. This post contains the keytool command-line parameters for creating a JKS container that holds a key and the self-signed certificate belonging to that key.
This command line creates the key and the certificate and sets some X509v3 (KeyUsage) extensions that define the purposes for which the certificate can be used. You can find the keytool binary in the bin folder of your Java Runtime Environment (JRE).
michael@devdeb ~ $ keytool -genkey -keyalg RSA -alias ServerCertificate -keystore D:\temp\yourKeyStore.jks -dname "cn=hostname.yourdomain.org,ou=Your Department,o=Your Company, c=de,l=Nuremberg,st=Franken" -validity 365 -keysize 2048 -sigalg SHA256withRSA -ext KU:critical=dataEncipherment,keyEncipherment,digitalSignature
Export your certificate
michael@devdeb ~ $ keytool -export -keystore d:\temp\yourKeyStore.jks -alias ServerCertificate -file D:\temp\ServerCertificate.cer
List the content of the container
michael@devdeb ~ $ keytool -list -v -keystore d:\temp\yourKeyStore.jks
If you want to trust another certificate, import that certificate into your container
michael@devdeb ~ $ keytool -import -alias TrustedCertificate -file D:\temp\TrustedCertificate.cer -keystore D:\temp\yourKeyStore.jks
Michael
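
To confirm that the generated entry really carries the key usages requested with -ext, the keystore can be checked from Java. This is an added example, not part of the original post; the class name CheckKeyUsage and its two arguments are assumptions, and it needs Java 9 or later.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Set;

// Added example. Assumed usage: java CheckKeyUsage <keystore> <alias>
public class CheckKeyUsage {
    // Bit positions of X509Certificate.getKeyUsage(), in RFC 5280 order.
    static final String[] KU_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign",
        "cRLSign", "encipherOnly", "decipherOnly"
    };
    static final String KU_OID = "2.5.29.15"; // id-ce-keyUsage

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): CheckKeyUsage <keystore> <alias>");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list.
        char[] pass = console.readPassword("Keystore password: ");
        // Java 9+: detects JKS or PKCS12 from the file content.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass);
        if (!ks.isKeyEntry(args[1])) {
            throw new IllegalStateException("no private-key entry under alias " + args[1]);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        cert.checkValidity();              // throws if outside notBefore/notAfter
        cert.verify(cert.getPublicKey());  // throws unless signed by its own key

        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        if (ku == null) {
            throw new IllegalStateException("certificate has no KeyUsage extension");
        }
        Set<String> crit = cert.getCriticalExtensionOIDs();
        System.out.println("KeyUsage critical: " + (crit != null && crit.contains(KU_OID)));
        for (int i = 0; i < ku.length && i < KU_NAMES.length; i++) {
            if (ku[i]) System.out.println("  " + KU_NAMES[i]);
        }
        // The three usages requested with -ext KU:critical=... in the post.
        boolean ok = ku.length > 3 && ku[0] && ku[2] && ku[3];
        System.out.println("expected usages present: " + ok);
        if (!ok) System.exit(1);
    }
}
```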