Generate a CSR with OpenSSL

From BrapciWiki

Install the OpenSSL package

apt-get install openssl

Generate the RSA key

Change to the keys directory

Create a 4096-bit key

openssl genrsa -out cedap.ufrgs.br.key 4096

Create the CSR

openssl req -new -sha256 -key cedap.ufrgs.br.key -out cedap.ufrgs.br.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BR
State or Province Name (full name) []:Rio Grande do Sul
Locality Name (eg, city) [Default City]:Porto Alegre
Organization Name (eg, company) [Default Company Ltd]:Universidade Federal do Rio Grande do Sul
Organizational Unit Name (eg, section) []: Centro de Documentação de Acervo Digital da Pesquisa - CEDAP
Common Name (eg, your name or your server's hostname) []:cedap.ufrgs.br
Email Address []:cedap@ufrgs.br
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Cedap@*****
An optional company name []:
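
The key and CSR steps above as one non-interactive script with checks, added here as an example that is not part of the original wiki page. It requests the hostname as a subjectAltName and sets no challenge password (that attribute is stored unencrypted in the request). The helper names make_csr, pubkey_hash and check_csr are hypothetical, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: the key and CSR steps run non-interactively, then verified.
set -eu

# make_csr HOST DIR (hypothetical helper): write DIR/HOST.key and DIR/HOST.csr.
make_csr() {
    _h=$1; _d=$2
    # umask keeps the private key unreadable to group and others.
    ( umask 077 && openssl genrsa -out "$_d/$_h.key" 4096 2>/dev/null )
    # DN values are the ones typed in the session above (OU and e-mail omitted).
    # Assumption: the hostname is also requested as a subjectAltName.
    openssl req -new -sha256 -key "$_d/$_h.key" -out "$_d/$_h.csr" \
        -subj "/C=BR/ST=Rio Grande do Sul/L=Porto Alegre/O=Universidade Federal do Rio Grande do Sul/CN=$_h" \
        -addext "subjectAltName=DNS:$_h"
}

# pubkey_hash FILE key|csr: digest of the public key held in FILE.
pubkey_hash() {
    case $2 in
        key) openssl pkey -in "$1" -pubout ;;
        csr) openssl req -in "$1" -noout -pubkey ;;
    esac | openssl sha256
}

# check_csr KEY CSR HOST: succeed only if the request is sound.
check_csr() {
    _txt=$(openssl req -in "$2" -noout -text)
    # 1. The request's self-signature verifies.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2. The request carries the public half of KEY.
    [ "$(pubkey_hash "$1" key)" = "$(pubkey_hash "$2" csr)" ] || return 1
    # 3. HOST is listed as a DNS subjectAltName.
    printf '%s\n' "$_txt" | grep -qF "DNS:$3" || return 1
    # 4. No challengePassword attribute is embedded in the request.
    ! printf '%s\n' "$_txt" | grep -qi "challengePassword"
}

workdir=$(mktemp -d)
host=cedap.ufrgs.br    # hostname used on this page
make_csr "$host" "$workdir"
check_csr "$workdir/$host.key" "$workdir/$host.csr" "$host" \
    && echo "CSR OK: $workdir/$host.csr"
```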

Activating the security key

keytool -import -trustcacerts -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias mycert -file cedap.ufrgs.br.crt

Removing the previous certificate

keytool -delete -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit -noprompt -alias mycert

Errors

keytool error: java.lang.Exception: Input not an X.509 certificate

Convert .crt to .pem

 openssl x509 -in cedap.ufrgs.br.crt -out cedap.ufrgs.br.pem