creer le keystore BKS
keytool -genkeypair -v -alias app_zzz -keyalg RSA -keysize 1024 -dname "CN=zzz, OU=zzz, O=zzz, L=zzz,S=00, C=FR" -validity 3600 -keypass zzz -keystore zzz.bks -storepass zzz -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:\Users\zzz\BouncyCastle\bcprov-jdk16-146.jar
importer le CA
keytool -importcert -trustcacerts -alias CA_zzz -file CA_zzz.crt -keypass zzz -keystore zzz.bks -storepass zzzz -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:\Users\zzz\BouncyCastle\bcprov-jdk16-146.jar
verifier le keystore
keytool -list -keypass zzz -keystore zzz.bks -storepass zzz -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:\Users\zzz\BouncyCastle\bcprov-jdk16-146.jar

ps : Cet exemple se base sur le keytool de la jdk 1.6 (les options sont un peu différentes sur la jdk 1.5)