Jack's Jots

Monday, January 26, 2009

keytool in Java

As part of my exploration into Java, I have had to learn how Java uses certificates. I wrote a script to help me create a signed, trusted certificate for a client program.

The keys generated are not secure:
  1. We passed the keypass and storepass in the clear on the command line, where other users of the machine can see them.
  2. The same password ($2) was used for both keypass and storepass, and for both the certificate authority and the trusted certificate.
  3. The Certificate Authority's key should be protected.

#!/bin/bash
#
# $1 self-signed certificate name
# $2 password
# $3 dn (e.g. cn=localhost)
#
# Create a self-signed certificate authority and issue a trusted certificate for a client
#
if (( $# != 3 )) ; then
    echo "**************** Wrong Number of Arguments ***************"
    echo "usage: $0 [certname] [passwd] \"[distinct name]\""
    echo
    echo "$0 creates a self-signed, trusted certificate in"
    echo " \$1.keystore the trusted, self-signed certificate"
    echo " \$1_ca.keystore holds the private key"
    echo
    echo " \$2 is used for both key and store passwords"
    echo
    echo " should be enclosed in quotes(\") and"
    echo " should follow usual practices. E.G. \"cn=localhost\""
    exit 1
fi

# remove old certificate files
rm -f "${1}_ca.keystore" "${1}_ca.cert" "${1}.keystore"

############################################# CERTIFICATE AUTH $1_ca.keystore
# generate a self-signed certificate
keytool -noprompt -alias "${1}_ca" \
    -genkey -validity 3650 \
    -keyalg RSA -keysize 1024 \
    -storepass "$2" -keypass "$2" \
    -dname "$3" \
    -keystore "${1}_ca.keystore"

############################################# List CA Keystore $1_ca.keystore
# get basic certificate information
echo "***************** CERTIFICATE AUTHORITY LIST **********************"
keytool -list -v -storepass "$2" -noprompt -keystore "${1}_ca.keystore"

############################################# Client Keystore $1.keystore
# Create a client keystore that trusts our certificate $1.keystore
#
# export so that we can later import it as trusted $1_ca.cert
keytool -noprompt -export -rfc -alias "${1}_ca" \
    -storepass "$2" -keypass "$2" \
    -keystore "${1}_ca.keystore" \
    -file "${1}_ca.cert"

# create trusted certificate for use by a client program in $1 store
keytool -import -noprompt -alias "${1}_ca" \
    -trustcacerts -file "${1}_ca.cert" \
    -keystore "${1}.keystore" \
    -keypass "$2" -storepass "$2"

############################################# List Client Keystore $1.keystore
# get basic certificate information
echo "***************** TRUSTED CERTIFICATE **********************"
keytool -list -v -storepass "$2" -noprompt -keystore "${1}.keystore"

echo "Passwords were provided as command arguments and may have been"
echo "viewed by others."
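A hardened variant of the same CA-plus-client flow, added here as an example and not part of the original post: each keystore gets its own random password, the passwords reach keytool through 0600 files via -storepass:file / -keypass:file instead of the command line, and the CA keystore is created under umask 077. It assumes a JDK 6 or later keytool (which understands the :file password form) and an existing work directory passed as the third argument.

```shell
#!/bin/bash
# Added example (not the original post's script): separate passwords per keystore,
# passed to keytool through 0600 files, and a CA keystore readable only by its owner.
set -eu

# Generate a 48-hex-character random password without printing it to a terminal.
gen_password() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_secret DIR NAME SECRET: store SECRET in DIR/NAME with mode 0600, print the path.
write_secret() {
  local file="$1/$2"
  ( umask 077; printf '%s' "$3" > "$file" )
  printf '%s' "$file"
}

# Permission string of a path, e.g. "-rw-------" (portable: no GNU stat needed).
perm_string() {
  ls -ld "$1" | cut -c1-10
}

# issue_certs CERTNAME DN WORKDIR: CA keystore + client truststore, as in the post,
# but with -storepass:file/-keypass:file (JDK 6+) instead of passwords in argv.
issue_certs() {
  local name="$1" dn="$2" dir="$3" ca_pw_file client_pw_file
  ca_pw_file=$(write_secret "$dir" "${name}_ca.pass" "$(gen_password)")
  client_pw_file=$(write_secret "$dir" "${name}.pass" "$(gen_password)")
  # Only the CA keystore holds a private key, so it alone is created under umask 077.
  ( umask 077
    keytool -genkeypair -noprompt -alias "${name}_ca" -validity 3650 \
      -keyalg RSA -keysize 2048 -dname "$dn" \
      -storepass:file "$ca_pw_file" -keypass:file "$ca_pw_file" \
      -keystore "$dir/${name}_ca.keystore" )
  keytool -exportcert -rfc -alias "${name}_ca" -storepass:file "$ca_pw_file" \
    -keystore "$dir/${name}_ca.keystore" -file "$dir/${name}_ca.cert"
  keytool -importcert -noprompt -trustcacerts -alias "${name}_ca" \
    -file "$dir/${name}_ca.cert" -storepass:file "$client_pw_file" \
    -keystore "$dir/${name}.keystore"
  [ "$(perm_string "$dir/${name}_ca.keystore")" = "-rw-------" ]
}

# Run only when invoked with arguments and keytool is installed.
if [ "$#" -eq 3 ] && command -v keytool >/dev/null 2>&1; then
  issue_certs "$1" "$2" "$3"
fi
```

The client truststore holds only the CA's public certificate, so it can be shipped to the client program; the CA keystore and the two .pass files are the secrets to keep on the issuing machine.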
