Generate the Client Private Key and Client Certificate File

If you decide to secure your JDBC connection using the JWT assertion type, you generate a private key and certificate to authenticate the connection.

Note: You don't need a private key and certificate file if you're securing your JDBC connection using the Resource Owner assertion type.

See https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html.

1. Generate a key pair and key store.
   From a command prompt, issue a keytool command, using the command format:
   keytool -genkeypair -v -keystore <keystore name> -storetype <store type i.e PKCS12> -storepass <store pass> -keyalg <key algorithm> -keysize <key size> -sigalg <sig algorithm> -validity <validity days> -alias <alias name> -keypass <key pass>
   For example:
   keytool -genkeypair -v -keystore bijdbckeystore.jks -storetype PKCS12 -storepass password -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 3600 -alias bijdbcclientalias -keypass password
2. Generate a public certificate.
   From a command prompt, issue a keytool command, using the command format:
   keytool -exportcert -v -alias <alias name> -keystore <keystore name> -storetype <store type, such as PKCS12> -storepass <store pass> -file <certificate file> -rfc
   For example:
   keytool -exportcert -v -alias bijdbcclientalias -keystore bijdbckeystore.jks -storetype PKCS12 -storepass password -file bijdbcclient.cert -rfc
3. Use OpenSS to extract the private key, in PKCS8 format, from the keystore file.
   Use the command format:
   openssl pkcs12 -in <keystore file name> -passin pass:<keystore password> -nodes -nocerts -nomacver > <PKCS8 key file path>
   For example:
   openssl pkcs12 -in bijdbckeystore.jks -passin pass:password -nodes -nocerts -nomacver |sed -n '/BEGIN PRIVATE KEY/,$p' > bijdbcclient.pem
4. Save the generated key and certificates in a location accessible to your client machine.