How to Use Keytool for Eclipse

1. Create a keystore, named 'keystore.jks' in our example, by running the following command:keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks

2. Enter the 'Common Name,' 'Organizational Unit,' 'Organization,' 'Locality,' 'State' and 'Country' values when you are prompted for them.

3. Verify the contents of your new keystore by running the following command:keytool -list -v -keystore keystore.jks

4. Use 'keytool -certreq -v -alias tomcat -file csr-for-myserver.pem -keystore keystore.jks' to generate a CRS, or Certificate Signing Request. The 'csr-for-myserver.pem' contents must be submitted to your CA for signing.

5. Save the resulting signed certificate to a file with the '.pem' extension. We will name this file 'signed-cert.pem.' If you need to see the contents of this file, run the following command:keytool -printcert -v -file signed-cert.pem

6. Download the Root certificate from the CA and name it 'root-cert.pem.' Now send it to your keystore by using this command:keytool -import -v -noprompt -trustcacerts -alias cacert -file root-cert.pem

7. Verify the contents of the keystore again to make sure the certificate is there. Your new private key is saved in your new keystore. You can repeat this process to generate keys for other applications.