#!/bin/bash

rm -f server.jks server.key server.csr server.crt server.cnf

cat << EOF > server.cnf

[req]
distinguished_name      = req_distinguished_name
x509_extensions = v3_req
prompt = no

[ req_distinguished_name ]
commonName              = localhost

[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1

EOF



#openssl genrsa -out server.key 1024
#openssl req -config server.cnf  -new -key server.key -out server.csr 
#openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout server.key -out server.crt -config server.cnf

yes | keytool -import -v -trustcacerts -alias 127.0.0.1 -file server.crt -keystore server.jks -keypass changeit -storepass changeit