This is an all-in-one command that generates a certificate for the server and places it in a keystore file, while setting both the certifcate password and the keystore password. The net result is a file called "server.jks".
keytool -genkeypair -alias serverkey -keyalg RSA -dname "CN=Server,OU=Incalza team,O=Incalza,L=Como,S=CO,C=IT" -keypass s3cr3t -keystore server.jks -storepass s3cr3t
This is the all-in-one command that generates the certificate for the client and places it in a keystore file, while setting both the certificate password and the keystore password. The net result is a file called "client.jks"
keytool -genkeypair -alias clientkey -keyalg RSA -dname "CN=Client,OU=Incalza team,O=Incalza,L=Como,S=CO,C=IT" -keypass s3cr3t -keystore client.jks -storepass s3cr3t
This command exports the client certificate.
The net result is a file called "client-public.cer" in your home directory.
keytool -exportcert -alias clientkey -file client-public.cer -keystore client.jks -storepass s3cr3t
keytool -exportcert -alias serverkey -file server-public.cer -keystore server.jks -storepass s3cr3t
This command imports the client certificate into the "server.jks" file.
keytool -importcert -keystore server.jks -alias clientcert -file client-public.cer -storepass s3cr3t -noprompt
This command create the p12 certificate for the browser.
keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -deststoretype PKCS12 -srcalias clientkey -deststorepass s3cr3t -destkeypass s3cr3t
Configure the connector on server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="${catalina.home}/conf/certs/server.jks" keystorePass="s3cr3t"
truststoreFile="${catalina.home}/conf/certs/server.jks" truststorePass="s3cr3t"
clientAuth="true" sslProtocol="TLS" />
Disable on server.xml
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />