Steps to create the certificate and store files in this directory:

First create a CA certificate and a server certificate
------------------------------------------------------

1. Generate CA private key:
$ openssl genrsa -out ca.key 1024

2. Generate CA certificate:
$ openssl req -x509 -new -nodes -key ca.key -days 20000 -out ca.pem 

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AppDynamics
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:AppDynamics
Email Address []:

3. Import the CA cert into a server store:
$ keytool -import -trustcacerts -alias cacert -keystore serverkeystore.jks -file ca.pem
Enter keystore password: password
Re-enter new password: password
...
Trust this certificate? [no]: yes

4. Generate a server key pair and keystore:
$ keytool -genkeypair -alias servercert -keyalg RSA -keystore serverkeystore.jks
Enter keystore password: password
Re-enter new password:  password
What is your first and last name?
  [Unknown]: localhost
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <servercert>
	(RETURN if same as keystore password):

5. Generate CSR request to be turned into a certificate by the CA:
$ keytool -certreq -alias servercert -file server.csr -keystore serverkeystore.jks
Enter keystore password:  password

6. Sign the server certificate:
$ openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 20000
Signature ok
subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=localhost
Getting CA Private Key

7. Import the CA certificate into the server keystore:
$ keytool -importcert -trustcacerts -alias cacert -keystore serverkeystore.jks -file ca.pem
Enter keystore password:  password
...
Trust this certificate? [no]:  yes
Certificate was added to keystore

8. Import the server certificate into the server keystore:
$ keytool -importcert -trustcacerts -alias servercert -keystore serverkeystore.jks -file server.pem
Enter keystore password:  password
Certificate reply was installed in keystore

++++++++++++++++++++++++++++++++++++++++++++++++++++++

Steps to create a client certificate for mutual auth:

Follow these steps to create a client certificate and import it into a keystore.
------------------------------------------------------
1. Generate private key:
$ openssl genrsa -out client.key 1024

2. Generate client certificate signing request file (.csr):

$ openssl req -x509 -sha256 -new -key client.key -days 20000 -out client.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:CA
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:AppDynamics
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:AppDynamics
    Email Address []:


3. Create a self-signed certificate using the private key in client.key and csr file:
$ openssl x509 -sha256 -in client.csr -signkey client.key -days 20000 -out selfsigned.crt

4. Create a PKCS12 file called clientkeystore.p12 which contains the private key/self-signed certificate pair (we
need to first create a PKCS12 file because it is currently not possible to directly import a private key entry into
a JKS file):
$ openssl pkcs12 -export -name clientkeycert -in selfsigned.crt -inkey client.key -out clientkeystore.p12

Enter Export Password:private_password
Verifying - Enter Export Password:private_password

5. Import the private key entry from clientkeystore.p12 file into the existing clientkeystore.jks file:
$ keytool -importkeystore -destkeystore clientkeystore.jks -srckeystore clientkeystore.p12 -srcstoretype pkcs12 -alias clientkeycert
Enter destination keystore password:password
Enter source keystore password:private_password

6. You can list the contents of the keystore to verify that you now have the private key entry:
$ keytool -list -v -keystore clientkeystore.jks

Enter keystore password:password

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: clientkeycert
Creation date: Jun 29, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Issuer: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Serial number: b1def76534f3c232
Valid from: Mon Jun 29 08:54:33 PDT 2015 until: Tue Apr 01 08:54:33 PDT 2070
Certificate fingerprints:
	 MD5:  68:03:23:1B:10:07:24:D5:00:36:E2:A8:B0:E3:B0:28
	 SHA1: D0:FF:29:3C:7E:3B:2A:AC:42:B5:80:ED:9B:AE:41:9D:4B:AC:85:2F
	 SHA256: B3:EA:44:8E:0A:04:3A:E6:71:D1:F5:15:AE:4E:94:0F:BF:06:2D:6B:C3:FA:A5:55:D3:F3:E2:FF:1E:B4:D3:4C
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4C 49 77 0B F4 68 80 95   F0 C3 6C FB A5 F7 81 BB  LIw..h....l.....
0010: 62 55 EE 7A                                        bU.z
]
[CN=AppDynamics, O=AppDynamics, ST=CA, C=US]
SerialNumber: [    b1def765 34f3c232]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4C 49 77 0B F4 68 80 95   F0 C3 6C FB A5 F7 81 BB  LIw..h....l.....
0010: 62 55 EE 7A                                        bU.z
]
]



*******************************************
*******************************************


Alias name: cacert
Creation date: Apr 2, 2015
Entry type: trustedCertEntry

Owner: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Issuer: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Serial number: a9d8abebe8b22d90
Valid from: Thu Apr 02 14:27:33 PDT 2015 until: Fri Sep 05 14:27:33 PDT 2031
Certificate fingerprints:
	 MD5:  7B:4B:13:D4:DE:13:1E:D4:26:FD:AB:29:C0:B3:2E:1B
	 SHA1: 32:F4:5D:CE:62:F8:0C:B8:C3:65:E0:A2:D2:2C:1A:7A:C8:4F:C0:E1
	 SHA256: 1B:B9:6D:91:64:01:DE:71:A4:A2:82:47:4C:38:00:61:67:F8:3E:D7:E9:A8:7D:E7:0C:31:97:1A:B0:9F:28:F0
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AA 1E 8A A3 39 0F D6 E5   7B 99 E9 C3 C1 C7 62 15  ....9.........b.
0010: 6A 61 4D 14                                        jaM.
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA 1E 8A A3 39 0F D6 E5   7B 99 E9 C3 C1 C7 62 15  ....9.........b.
0010: 6A 61 4D 14                                        jaM.
]
]



*******************************************
*******************************************



7. Import the client certificate into server truststore:
$ keytool -import -alias clientkeycert -file selfsigned.crt -keystore serverkeystore.jks

Enter keystore password:password
Owner: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Issuer: CN=AppDynamics, O=AppDynamics, ST=CA, C=US
Serial number: b1def76534f3c232
Valid from: Mon Jun 29 08:54:33 PDT 2015 until: Tue Apr 01 08:54:33 PDT 2070
Certificate fingerprints:
	 MD5:  68:03:23:1B:10:07:24:D5:00:36:E2:A8:B0:E3:B0:28
	 SHA1: D0:FF:29:3C:7E:3B:2A:AC:42:B5:80:ED:9B:AE:41:9D:4B:AC:85:2F
	 SHA256: B3:EA:44:8E:0A:04:3A:E6:71:D1:F5:15:AE:4E:94:0F:BF:06:2D:6B:C3:FA:A5:55:D3:F3:E2:FF:1E:B4:D3:4C
	 Signature algorithm name: SHA256withRSA
	 Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4C 49 77 0B F4 68 80 95   F0 C3 6C FB A5 F7 81 BB  LIw..h....l.....
0010: 62 55 EE 7A                                        bU.z
]
[CN=AppDynamics, O=AppDynamics, ST=CA, C=US]
SerialNumber: [    b1def765 34f3c232]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4C 49 77 0B F4 68 80 95   F0 C3 6C FB A5 F7 81 BB  LIw..h....l.....
0010: 62 55 EE 7A                                        bU.z
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
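
The step 6 listing shows the client certificate as self-signed with BasicConstraints CA:true, generated from a 1024-bit key, and step 7 adds that certificate to the server keystore as trusted. The script below is an added example, not part of the original steps: it rebuilds the client certificate without prompts and prints the three properties worth checking before a certificate is trusted, next to a variant with a 2048-bit key and CA:FALSE. It assumes openssl is on PATH; audit_cert, make_client_cert and req.cnf are names made up for this example, and the keytool steps are not repeated.

```shell
#!/bin/sh
# Added example (not from the original README). Assumes openssl is on PATH.
# File names follow the client steps above; req.cnf is a constructed config.

# Print "bits=<n> ca=<yes|no> selfsigned=<yes|no>" for a PEM certificate.
audit_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    ca=no
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then ca=yes; fi
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    self=no
    if [ "$subj" = "$iss" ]; then self=yes; fi
    echo "bits=$bits ca=$ca selfsigned=$self"
}

# Create DIR/selfsigned.crt without prompts.
# $1 = existing directory, $2 = RSA key bits, $3 = basicConstraints value.
make_client_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
C = US
ST = CA
O = AppDynamics
CN = AppDynamics
[ext]
basicConstraints = $3
EOF
    openssl genrsa -out "$1/client.key" "$2" 2>/dev/null || return 1
    # With -x509, req writes a self-signed certificate directly.
    openssl req -x509 -sha256 -new -key "$1/client.key" -days 20000 \
        -config "$1/req.cnf" -out "$1/selfsigned.crt" || return 1
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
mkdir "$work/page" "$work/hardened"
make_client_cert "$work/page" 1024 CA:TRUE       # as in the listing above
make_client_cert "$work/hardened" 2048 CA:FALSE  # stronger key, not a CA
echo "page:     $(audit_cert "$work/page/selfsigned.crt")"
echo "hardened: $(audit_cert "$work/hardened/selfsigned.crt")"
```

audit_cert works on any PEM certificate, so it can also be pointed at ca.pem or server.pem from the first half of the steps.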
