zookeeper 的 ssl 需要的证书该怎么生成？

实在不知道该怎么生成 zookeeper 需要的证书？

尝试过以下：

# 生成服务器 keystore (密钥和证书)
keytool -genkeypair -keystore server.keystore.jks -alias localhost -keyalg RSA -keysize 2048 -validity 365 -storepass store123456 -keypass key123456   -dname "CN=localhost, OU=Zookeeper, O=Apache, L=Unknow, ST=Unknow, C=Unknow"

# 导出证书
keytool -export -keystore server.keystore.jks -alias localhost -storepass store123456 -file server.crt

# 导入到服务器信任证书
keytool -v -keystore server.truststore.jks -alias localhost -import -file server.crt -storepass store123456 <<!
y
!

然后得到的 server.keystore.jks 和 server.truststore.jks 并不能用，报以下错误：

Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:306)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1127)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:814)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1457)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1365)
    ... 18 more