First, generate a certificate with keytool
1 Generate the key
D:/>keytool -genkey -alias wenger -keysize 1024 -keypass abcdef -keystore Mykeystore -storepass abcdef -dname "CN=chen Sr, OU=tanglab, O=lab, L=gz, ST=GD, C=CN"
2 Export the key, saving it in the form of a certificate
D:/>keytool -export -alias wenger -file Mycert.cer -keystore Mykeystore -storepass abcdef
Certificate saved in file <Mycert.cer>
Read the certificate's information in Java
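    import java.io.*;
    import java.security.cert.*;

    public class TestCert {
        public static void main(String[] args) {
            // Open the certificate file exported by keytool; the stream is closed automatically
            try (FileInputStream fis = new FileInputStream("Mycert.cer")) {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509Certificate c = (X509Certificate) cf.generateCertificate(fis);
                // Print the subject and the algorithm used to sign the certificate
                System.out.println("Certificate for " + c.getSubjectDN());
                System.out.println("Generated with " + c.getSigAlgName());
            } catch (IOException ex) {
                // The file is missing or unreadable
                System.err.println("Cannot read certificate file: " + ex.getMessage());
            } catch (CertificateException ex) {
                // The file is not a parsable X.509 certificate
                System.err.println("Cannot parse certificate: " + ex.getMessage());
            }
        }
    }

Output:
Certificate for CN=chen Sr, OU=tanglab, O=lab, L=gz, ST=GD, C=CN
Generated with SHA1withDSA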
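The certificate above uses a 1024-bit key and a SHA1withDSA signature, both weaker than current guidance accepts, so a review usually needs more than the subject and the algorithm name. The following is an added example, not code from the original page: it reads the same Mycert.cer and reports issuer, validity period, key size and weak-algorithm warnings. The class name CertAudit and the thresholds (2048 bits for RSA/DSA, 224 bits for EC) are assumptions chosen for illustration.

```java
import java.io.*;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.interfaces.*;

// Added example: CertAudit and its thresholds are assumptions, not part of the original page.
public class CertAudit {
    // Public key size in bits for RSA, DSA and EC keys; -1 when it cannot be determined.
    static int keyBits(PublicKey key) {
        if (key instanceof RSAPublicKey) return ((RSAPublicKey) key).getModulus().bitLength();
        if (key instanceof DSAPublicKey) {
            DSAPublicKey dsa = (DSAPublicKey) key;
            return dsa.getParams() == null ? -1 : dsa.getParams().getP().bitLength();
        }
        if (key instanceof ECPublicKey) return ((ECPublicKey) key).getParams().getOrder().bitLength();
        return -1;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "Mycert.cer"; // file written by keytool -export
        X509Certificate c;
        try (InputStream in = new FileInputStream(path)) {
            c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        PublicKey key = c.getPublicKey();
        int bits = keyBits(key);
        String sigAlg = c.getSigAlgName();
        System.out.println("Subject:   " + c.getSubjectX500Principal().getName());
        System.out.println("Issuer:    " + c.getIssuerX500Principal().getName());
        System.out.println("Valid:     " + c.getNotBefore() + " to " + c.getNotAfter());
        System.out.println("Signature: " + sigAlg);
        System.out.println("Key:       " + key.getAlgorithm() + ", " + bits + " bits");
        try {
            c.checkValidity(); // compares the validity period with the current time
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("WARN: outside validity period: " + e.getMessage());
        }
        String alg = sigAlg.toUpperCase();
        if (alg.startsWith("SHA1") || alg.startsWith("MD5") || alg.startsWith("MD2"))
            System.out.println("WARN: weak signature hash: " + sigAlg);
        int minBits = key instanceof ECPublicKey ? 224 : 2048; // assumed policy thresholds
        if (bits >= 0 && bits < minBits)
            System.out.println("WARN: key shorter than " + minBits + " bits");
        if (c.getSubjectX500Principal().equals(c.getIssuerX500Principal()))
            System.out.println("NOTE: self-issued certificate (subject equals issuer)");
    }
}
```

Pass a different certificate path as the first argument to audit another file; parsing a certificate this way does not verify its signature or chain.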
Common keytool commands in the JDK
-genkey Creates a default file ".keystore" in the user's home directory and also produces an alias mykey; mykey contains the user's public key, private key, and certificate
-alias Specifies the alias
-keystore Specifies the name of the keystore (the generated information will then not be in the .keystore file)
-keyalg Specifies the key algorithm
-validity Specifies how many days the created certificate is valid for
-keysize Specifies the key length
-storepass Specifies the password for the keystore
-keypass Specifies the password for the alias entry
-dname Specifies the certificate owner information, for example: "CN=SAGELY,OU=ATR,O=SZU,L=SZ,ST=GD,C=CN"
-list Displays the certificate information in the keystore: keytool -list -v -keystore sage -storepass ....
-v Displays certificate details in the keystore
-export Exports the certificate specified by the alias to a file: keytool -export -alias caroot -file caroot.crt
The -file parameter specifies the name of the file to export to
-delete Deletes an entry in the keystore: keytool -delete -alias sage -keystore sage
-keypasswd Changes the password of the specified entry in the keystore: keytool -keypasswd -alias sage -keypass ... -storepass ... -keystore sage
-import Imports the signed digital certificate into the keystore: keytool -import -alias sage -keystore sagely -file sagely.crt
After importing the signed digital certificate, keytool -list -v shows that the chain is much longer, and the whole CA chain is printed out.
1. Display of certificates
-list
[-v | -rfc] [-alias <alias>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>]
Example: keytool -list -v -alias rapaserver -keystore cacerts -storepass 12345678
keytool -list -v -keystore d2aapplet.keystore -storepass 12345678 -storetype IAIKKeystore
2. Export a certificate to a certificate file
For example: keytool -export -keystore monitor.keystore -alias monitor -file Monitor.cer
The certificate with alias monitor in the keystore monitor.keystore is exported to the certificate file Monitor.cer. The file contains information about the subject of the certificate and the certificate's public key, but not the private key, so it can be made public.
keytool -export -keystore d2aapplet.keystore -alias rapaserver -file Rapa.cert -storetype IAIKKeystore
3. Import a certificate into the keystore
Here Rapa.cert is imported into cacerts, the Java default certificate store
keytool -import -alias rapaserver -keystore cacerts -file Rapa.cert
4. Deletion of certificate entries
The keytool command-line argument -delete deletes an entry in the keystore, for example: keytool -delete -alias rapaserver -keystore d2aapplet.keystore. This command deletes the rapaserver certificate from d2aapplet.keystore.
5. Modify the password of the certificate entry
With the -keypasswd parameter, for example keytool -keypasswd -alias rapaserver -keystore d2aapplet.keystore, you can interactively change the password of the rapaserver entry in the keystore d2aapplet.keystore.
keytool -keypasswd -alias rapaserver -keypass 123456 -new 654321 -storepass 888888 -keystore d2aapplet.keystore
This command changes the password of the rapaserver entry in the keystore non-interactively: the new password is 654321, 123456 is the original password of the certificate entry, and 888888 is the password of the keystore.