I followed This link.
1.Generate keystore(At server):
keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048
2.Generate new ca-cert and ca-key:
openssl req -new -x509 -keyout ca-key -out ca-cert
3.Extracting cert/creating cert sign req(csr):
keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file
4.Sign the “cert-file” and cert-signed wil be the new cert:
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out
cert-signed -days 365 -CAcreateserial -passin pass:yourpass
5.importing the ca-cert to keystore file:
keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert
6.import cert-signed to keystore:
keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed
7.Copy ca-cert into client machine and generate truststore: (At client)
keytool -keystore truststore.jks -alias bmc -import -file ca-cert-s
8.Copy ca-cert into client machine and generate truststore: (At server)
keytool -keystore truststore.jks -alias bmc -import -file ca-cert-c
**Repeat the step(1-6) at client side and generate truststore at server side by importing ca-cert of client(step 8)
Renamed ca-cert after step 6.
Ex: ca-cert-s generated at server side and ca-cert-c at client and exchanged each other for generating truststore.