//Generate key pairCorrect.
//Generate the Certificate Signing Request.Correct.
//Creating a Sample CA CertificateI don't think so. All this does is create another CSR.
openssl req -config /etc/pki/tls/openssl.cnf -newkey rsa:1152 -new -x509 -keyout ca-key.pem -out ca-certificate.pem -days 1825
//Generate a signed certificate for the associated Certificate Signing RequestCould be.
openssl x509 -req -CA ca-certificate.pem -CAkey ca-key.pem -in TestIssueEpic.csr -out TestIssueEpicsinged.cer -days 1825 -CAcreateserial
//Use the keytool to import the CA certificate into the client keystore.Correct.
//Use the keytool to import the signed certificate for the associated client alias in the keystore.Correct. However the signed client certificate should include its signer chain so the previous step may be redundant.
Let me know that how to get client privateThe client private key is in the keystore and that's where it should stay. It should specifically not be provided to anybody else. It's private, innit?
and public keyThe client's public key is in the signed certificate.
because other party is required TestIssueEpicsinged.cer and client public key.Just provide them with the signed certificate and possibly the signed CA certificate.