-genkey: creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey. The mykey entry contains the user's public key, private key, and certificate.
-alias: generates an alias for the entry.
-keystore: specifies the name of the keystore (the generated information then does not go into the default .keystore file).
-keyalg: specifies the key algorithm.
-validity: specifies the validity period of the created certificate.
-keysize: specifies the key length.
-storepass: specifies the password of the keystore.
-keypass: specifies the password of an alias entry.
-dname: specifies the certificate owner information, for example "CN=sagely, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn".
-list: displays the certificate information in the keystore. Example: keytool -list -v -keystore sage -storepass ....
-v: displays the certificate details in the keystore.
-export: exports the certificate specified by the alias to a file. Example: keytool -export -alias caroot -file caroot.crt
-file: specifies the name of the file to export to.
-delete: deletes an entry from the keystore. Example: keytool -delete -alias sage -keystore sage
-keypasswd: changes the password of an entry in the keystore. Example: keytool -keypasswd -alias sage -keypass ...... -new ...... -storepass ...... -keystore sage
-import: imports a signed digital certificate into the keystore. Example: keytool -import -alias sage -keystore sagely -file sagely.crt
After importing the signed digital certificate, keytool -list -v clearly shows that the certificate chain has become longer, and it prints out the whole CA chain.
keytool is Java's key and certificate management tool. It lets users manage their own public/private key pairs and the associated certificates, for use (through digital signatures) in self-authentication, where users authenticate themselves to other users or services, or in data integrity and authentication services. It also lets users store the public keys of their communication peers, in the form of certificates. Run keytool -help to view its usage. For details, refer to http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html.
To create Java certificates, use keytool.exe (in the JDK's bin directory). All digital certificates are saved in a certificate library (keystore) as individual entries, distinguished by alias. A certificate in the keystore contains the private key, the public key, and the certificate's information. A certificate in the keystore can be exported to a certificate file; the certificate file contains only the subject information and the corresponding public key.
Each keystore is a file protected by an access password. The first time a certificate is created, the keystore is generated automatically and you are required to specify the password for accessing it.
When creating a certificate, you must enter the certificate's information and the password for the certificate's private key. The information consists of CN=XX, OU=XX, O=XX, L=XX, ST=XX, C=XX, which mean:
* CN (Common Name, prompted for as "first and last name"): in practice this should be the domain name, such as localhost or blog.devep.net. If the name entered does not match the domain name actually in use, problems follow. When a browser accesses the site, a dialog box is displayed with the message "the name on the security certificate is invalid or does not match the site name", and the user can choose whether to continue browsing the page. A program that accesses the site through an HTTP client, however, gets an exception similar to "javax.servlet.ServletException: HTTPS hostname wrong: should be".
* OU (Organizational Unit: organizational unit name)
* O (Organization: organization name)
* L (Locality: city or region name)
* ST (State: state or province name)
* C (Country: country name)
You can enter this information interactively when the tool prompts for it, or pass it as a parameter, such as -dname "CN=XX, OU=XX, O=XX, L=XX, ST=XX, C=XX".
Create a certificate
Specify the keystore as C:/keystore/test and create a certificate with the alias tomcat. It is generated with the RSA algorithm, the key length is 1024, and the certificate is valid for one year:
keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore C:/keystore/test -validity 365
To display the certificates in the keystore, run the command: keytool -list -keystore C:/keystore/test. It displays the list of all certificates in the C:/keystore/test keystore.
Export to a certificate file
Run the command: keytool -export -alias tomcat -file C:/keystore/TC.cer -keystore C:/keystore/test. It exports the certificate with the alias tomcat in the keystore C:/keystore/test to the file TC.cer. The certificate file contains the certificate subject's information and the certificate's public key, but not the private key, so it can be made public.
Exported certificate files are binary encoded and cannot be displayed correctly in a text editor. Add the -rfc parameter to output the exported certificate in a printable encoding. For example:
keytool -export -alias tomcat -file C:/keystore/TC.cer -keystore C:/keystore/test -rfc
View Certificate Information
Run the command: keytool -printcert -file C:/keystore/TC.cer to view the certificate file's information. You can also double-click the generated certificate file in Windows Explorer to view it directly.
Delete entries in the keystore
keytool -delete -alias tomcat -keystore C:/keystore/test
This command deletes the certificate with the alias tomcat from the C:/keystore/test keystore.
Modify the certificate entry password
keytool -keypasswd -alias tomcat -keystore C:/keystore/test interactively changes the password of the entry with the alias tomcat in the C:/keystore/test keystore.
keytool -keypasswd -alias tomcat -keypass oldpasswd -new newpasswd -storepass storepasswd -keystore C:/keystore/test changes the password non-interactively from the command line: the password of the entry with the alias tomcat becomes the new password newpasswd. In the command, oldpasswd is the entry's original password and storepasswd is the password of the keystore.
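
The create, list, export, view and delete steps above, run non-interactively against a scratch keystore. This is an added example, not part of the original page: the function names, the KS_PASS variable, the TC.pem file name and the DN values are assumptions, it uses -keysize 2048 because 1024-bit RSA is no longer considered adequate, and it needs a keytool that accepts the :env password modifier.

```shell
# Constructed demo values: password, DN fields and file names are assumptions.
export KS_PASS='storepasswd'   # keytool reads it through the :env modifier

kt() {               # kt STORE CMD [OPTIONS...]: quiet keytool call on STORE
  store=$1; shift
  keytool "$@" -keystore "$store" -storepass:env KS_PASS >/dev/null 2>&1
}

create_entry() {     # $1 keystore, $2 alias, $3 host name used as CN
  kt "$1" -genkey -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$3, OU=XX, O=XX, L=XX, ST=XX, C=XX" -keypass:env KS_PASS
}

has_alias()    { kt "$1" -list -alias "$2"; }     # status 0 if entry exists
delete_entry() { kt "$1" -delete -alias "$2"; }

export_cert() {      # $1 keystore, $2 alias, $3 output file, $4 optional -rfc
  kt "$1" -export -alias "$2" -file "$3" ${4:+"$4"}
}

cert_format() {      # prints PEM, DER or unknown for an exported file
  if grep -q '^-----BEGIN CERTIFICATE-----' "$1"; then echo PEM
  elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = 30 ]; then echo DER
  else echo unknown
  fi
}

cert_has_cn() {      # $1 certificate file, $2 expected CN value
  keytool -printcert -file "$1" 2>/dev/null | grep -q "CN=$2,"
}

run_demo() {         # full lifecycle in a scratch directory
  dir=$(mktemp -d) || return 1
  create_entry "$dir/test" tomcat localhost || return 1
  export_cert "$dir/test" tomcat "$dir/TC.cer"
  export_cert "$dir/test" tomcat "$dir/TC.pem" -rfc
  echo "binary export: $(cert_format "$dir/TC.cer")"
  echo "-rfc export:   $(cert_format "$dir/TC.pem")"
  cert_has_cn "$dir/TC.cer" localhost && echo "CN=localhost confirmed"
  delete_entry "$dir/test" tomcat
  has_alias "$dir/test" tomcat || echo "tomcat entry deleted"
  rm -rf "$dir"
}
```

Call run_demo to execute all steps. Because the password is taken from the KS_PASS environment variable, it does not appear in the keytool command line the way -storepass storepasswd does.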