Package signing certificate keystores can be created using the keytool
command provided by the JDK.
To Create a self signed certificate for package signing that is good for 10 years:
keytool -genkeypair \
-alias _dunesrsa_alias_ \
-keyalg RSA \
-keysize 2048 \
-sigalg SHA512withRSA \
-storetype JCEKS \
-keystore package-signing-cert.jks \
-storepass password \
-dname "CN=Pkg Sign Team,OU=Org,O=Company,C=Country" \
-ext eku=sa \
-ext ku:c=dig,keyEncipherment \
-validity 3650
Make the certificate unique by updating the distinquished name (-dname
), keystore password (-storepass
)