I'm trying to follow the instructions at docs.jboss.org/mod_cluster/1.1.0/html/UsingSSL.html

How do I create the ca.p12 file that is shown under 12.1.2 and 12.1.3?  The instructions say how to create test.p12 but not ca.p12.

Follow-up:

I went ahead and created the ca.p12 file with this command, but I don't know yet if this is correct.

openssl pkcs12 -export -inkey .\demoCA\private\cakey.pem -in .\demoCA\cacerts.pem -out ca.p12

What makes me skeptical of this solution is that it might put the ca private key into the ca.p12 file.  I'm not sure if the ca private key should be used like this.

The next question I have regards 12.2.1. How the different files were created.  Assuming that 12.2.1.1 and 12.2.1.2 mean to create a new CA and server certificate, instead of use the ones that were created previously, when I get to step 2 and run this command:

keytool -importkeystore -srckeystore test.p12 -srcstoretype PKCS12

I get the error:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect.

I'm following the instructions, but I get this error.  Why?  When it says, "make sure you don't use a passphrase for the key (don't forget to clean the file when done)", what does that mean?  It doesn't allow me not to enter passphrases.  It allows me not to enter "challenge passwords", but I have to enter pass phrases.  I have tried entering challenge passwords and not entering challenge passwords, but I still get the IOException.

Any help is appreciated.