Index

SSL certificates & the keystore

default keystore location
[JAVA_HOME]/jre/lib/security/cacerts
Create a new keystore:
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Importing certificate:
keytool -keystore cacerts -importcert -noprompt -trustcacerts -storepass changeit -alias [alias] -file certificate.crt
importing .der file:
keytool -import -keystore cacerts -file -storepass changeit -alias [alias] certificate.der
show certificate properties
keytool -printcert -file /path/to/certificate.pem
list certificates:
keytool  -v  -list  -keystore [/path/to/]security/cacerts -storepass changeit
delete certificate
keytool -delete -storepass changeit  -keystore cacerts -alias mydomain

Generating a self signed certificate

create key file & crt file
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls/selfsigned.key -out /tmp/tls/selfsigned.crt
more info
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
testing your certificate configuration on a public website
https://digicert.com/help