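REM Creates or exports the SAML key pair that Lucee reads from its cacerts
REM keystore. As shipped, the script jumps straight to the export label and
REM only writes the public certificate to LUCEE_SAML.pem. Remove the goto
REM line to generate the key pair and the PKCS12 copy first.
REM Writing to the Lucee cacerts file may need an elevated prompt.

REM Work from the folder that holds this script so output files land beside it.
cd /D "%~dp0"
if errorlevel 1 (
  echo Cannot change to the script folder
  pause
  exit /b 1
)

REM Fail early with a readable message instead of a broken keytool path.
if not defined JAVA_HOME (
  echo JAVA_HOME is not set, cannot locate keytool.exe
  pause
  exit /b 1
)
SET keytool="%JAVA_HOME%\bin\keytool.exe"
if not exist %keytool% (
  echo keytool.exe was not found under JAVA_HOME\bin
  pause
  exit /b 1
)

REM The key pair is stored in the Lucee server trust store: it is important
REM for Lucee to see the cert.
SET keystore=C:/lucee/tomcat/lucee-server/context/security/cacerts
SET dname=CN=dat-n-smishch1 SAML key pair, OU=dat-n-smishch1, O=NUBES, L=Moscow, C=RU
SET alias=LUCEE_SAML

REM NOTE(review): changeit is the default password of a Java cacerts file and
REM here it also protects the private key. It is passed on the keytool command
REM line, so it shows up in the process list while keytool runs. Restrict file
REM permissions on the keystore and on keystore.p12, since the password alone
REM gives no real protection.
SET passwd=changeit

REM Alternative settings for the older Railo install, kept for reference.
REM SET keytool=D:\railo\jdk\bin\keytool.exe
REM SET keystore=D:\railo\lib\railo-server\context\security\cacerts
REM SET dname=CN=office02 SAML key pair, OU=offiec02, O=NUBES, L=Moscow, C=RU
REM SET alias=OFFICE02_SAML

REM Skip key generation by default: running genkeypair again for an alias that
REM already exists fails. Remove this line for a first-time setup.
goto export

REM generate cert + key: RSA 2048, self-signed, valid 3653 days
%keytool% -v -genkeypair ^
 -dname "%dname%" ^
 -alias %alias% ^
 -keyalg RSA ^
 -keysize 2048 ^
 -validity 3653 ^
 -keypass %passwd% ^
 -storepass %passwd% ^
 -keystore "%keystore%"

pause

REM show the new entry so the operator can check subject and validity
%keytool% -list ^
 -alias %alias% ^
 -keypass %passwd% ^
 -storepass %passwd% ^
 -keystore "%keystore%" ^
 -v

pause

REM The original ran the bare directory path as a command here, which only
REM produces an error. Presumably the intent was to show where keystore.p12
REM will be written.
echo %cd%

REM export cert + key to p12 keystore
REM keystore.p12 contains the private key: keep it on this host.
%keytool% -importkeystore ^
 -alias %alias% ^
 -srckeystore "%keystore%" ^
 -destkeystore keystore.p12 ^
 -deststoretype PKCS12 ^
 -srckeypass %passwd% ^
 -srcstorepass %passwd% ^
 -deststorepass %passwd% ^
 -destkeypass %passwd%

pause

:export
REM Writes the public certificate only, PEM encoded, to LUCEE_SAML.pem.
REM This is the file to hand to the ADFS administrator.
REM NOTE(review): the earlier note here said to convert the .p12 keystore with
REM 'openssl pkcs12 -in keystore.p12 -out saml.pem' and send cert and key.
REM That saml.pem would contain the private key. An identity provider normally
REM needs only the public certificate, so the private key should not be sent.
%keytool% -exportcert ^
 -alias %alias% ^
 -keypass %passwd% ^
 -keystore "%keystore%" ^
 -storepass %passwd% ^
 -rfc ^
 -file LUCEE_SAML.pem
if errorlevel 1 echo Certificate export failed, see the keytool message above

pause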