# Generate keystore with name ssl, write to cert.jkskeytool -genkey -dname "CN=

1. # Generate keystore with name ssl, write to cert.jks
2. keytool -genkey -dname "CN=my.host.bla, OU=[...], O=[...], L=[...], S=BY, C=DE" -alias ssl -keyalg RSA -keysize 2048 -keystore cert.jks
3.  
4. # gen CSR into my.host.bla.csr
5. keytool -certreq -keyalg RSA -alias ssl -file my.host.bla.csr -keystore cert.jks -ext san=DNS:my.host.bla
6.  
7. # submit CSR to CA (this is a windows-specifc part!!)
8. certreq -submit -attrib "certificatetemplate:ssl201610" my.host.bla.csr
9.  
10. # Import Issuers
11. # Root-CA: (already downloaded)
12. keytool -import -alias root-pki -keystore cert.jks -trustcacerts -file "blaRootCA.cer"
13.  
14. # Intermedi / Issuer-CA: (already downloaded)
15. keytool -import -alias issuing-pki -keystore cert.jks -trustcacerts -file "blaIssuingCA.cer"
16.  
17. # Import keys
18. keytool -import -alias ssl -keystore cert.jks -file my.host.bla.cer