Reprint--Http://www.cnblogs.com/tyjsjl/p/3359255.html
1. Create a certificate
C:/jdk1.5.0_04/bin>keytool-genkey-alias Xahca-keyalg Rsa-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
What is your first and last name?
[Unknown]: Xu Yunwu
What is the name of your organizational unit?
[Unknown]: Tianhe
What is your organization's name?
[Unknown]: Tianhe Co., Ltd.
What is the name of your city or region?
[Unknown]: Nanjing
What is the name of your state or province?
[Unknown]: Jiangsu
What is the two-letter country code for this unit?
[Unknown]: CN
cn= Xu Yunwu, ou= Tianhe, O= Tianhe Co., Ltd., l= Nanjing, st= Jiangsu, C=CN correct?
[No]: Y
Enter the master password for <xahCA>
(If same as KeyStore password, press ENTER): Xahadmin
2. List all certificates in the certificate library (a total of two: XAHCA and DYFCA)
C:/jdk1.5.0_04/bin>keytool-list-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Keystore Type: JKS
Keystore by: SUN
Your keystore contains 2 inputs
XAHCA, 2006-12-16, Keyentry,
Certified fingerprint (MD5): 2C:36:A5:52:D0:4A:BA:72:60:19:2F:32:80:02:A9:C5
DYFCA, 2006-12-16, Keyentry,
Certified fingerprint (MD5): e7:8b:d8:93:1a:06:b1:b8:51:3d:13:cf:46:38:ac:77
3. List the certificates in the certificate library with the alias XAHCA
C:/jdk1.5.0_04/bin>keytool-list-v-alias Xahca-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Alias Name: XAHCA
Date Created: 2006-12-16
INPUT type: keyentry
Certification Chain Length: 1
Certification [1]:
owner:cn= Xu Yunwu, ou= Tianhe, O= Tianhe Co., Ltd., l= Nanjing, st= Jiangsu, C=CN
Issued by: cn= Xu Yunwu, ou= Tianhe, O= Tianhe Co., Ltd., l= Nanjing, st= Jiangsu, C=CN
Sequence Number: 458400d7
Active period: Sat Dec 22:21:11 CST 2006 to: Fri Mar 22:21:11 CST 2007
Certified Fingerprint:
Md5:2c:36:a5:52:d0:4a:ba:72:60:19:2f:32:80:02:a9:c5
Sha1:e6:a2:dd:ee:d2:8f:fb:d4:85:ce:46:4f:7e:25:7f:c4:c2:69:68:df
4. Delete the certificate in the certificate store with the certificate alias XAHCA
C:/jdk1.5.0_04/bin>keytool-delete-alias Xahca-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
After deletion, the certificate in the certificate store is listed with only one remaining
C:/jdk1.5.0_04/bin>keytool-list-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Keystore Type: JKS
Keystore by: SUN
Your keystore contains 1 inputs
DYFCA, 2006-12-16, Keyentry,
Certified fingerprint (MD5): e7:8b:d8:93:1a:06:b1:b8:51:3d:13:cf:46:38:ac:77
5. Modify the certificate password
C:/jdk1.5.0_04/bin>keytool-keypasswd-alias Dyfca-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Enter <dyfCA> master password dyfadmin
New <dyfCA> master password: dyfadmin
Must be a different password
New <dyfCA> master password: DYF
Password is too short-must be at least 6 characters
New <dyfCA> master password: DYFPWS
Re-enter the new <dyfCA> master password: DYFPWS
6. Non-interactive password change
C:/jdk1.5.0_04/bin>keytool-keypasswd-alias Dyfca-keypass dyfpws-new Dyfadmin
-storepass Admindyf-keystore Dyfcalib
7. List the details of the certificate
C:/jdk1.5.0_04/bin>keytool-list-v-alias Dyfca-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Alias Name: DYFCA
Date Created: 2006-12-16
INPUT type: keyentry
Certification Chain Length: 1
Certification [1]:
owner:cn= Dong Yunfei, ou=, o= Tian Yun, l= Nanjing, st= Jiangsu, C=CN
Issued by: cn= Dong Yunfei, ou=, o=, l= Nanjing, st= Jiangsu, C=CN
Sequence Number: 4583FD13
Active period: Sat Dec 22:05:07 CST 2006 to: Tue Dec 22:05:07 CST 2016
Certified Fingerprint:
Md5:e7:8b:d8:93:1a:06:b1:b8:51:3d:13:cf:46:38:ac:77
Sha1:8c:cb:76:50:db:34:35:c5:95:49:da:9e:18:22:b0:f9:af:73:c8:f5
8. Export the certificate to a certificate file (the certificate file is encoded in binary, cannot be viewed with a text editor, does not utilize the advertisement certificate)
C:/jdk1.5.0_04/bin>keytool-export-alias dyfca-file Dyfca.cer-keystore dyfcal
Ib
Enter KeyStore Password: ADMINDYF
Certificates saved in a file <dyfCA.cer>
9. Export the certificate to a certificate file (output as a printable encoding)
C:/jdk1.5.0_04/bin>keytool-export-alias dyfca-file Dyfca.cer-keystore dyfcal
Ib-rfc
Enter KeyStore Password: ADMINDYF
Certificates saved in a file <dyfCA.cer>
10. View the certificate file
C:/jdk1.5.0_04/bin>keytool-printcert-file Dyfca.cer
owner:cn= Dong Yunfei, ou=, o= Tian Yun, l= Nanjing, st= Jiangsu, C=CN
Issued by: cn= Dong Yunfei, ou=, o=, l= Nanjing, st= Jiangsu, C=CN
Sequence Number: 4583FD13
Active period: Sat Dec 22:05:07 CST 2006 to: Tue Dec 22:05:07 CST 2016
Certified Fingerprint:
Md5:e7:8b:d8:93:1a:06:b1:b8:51:3d:13:cf:46:38:ac:77
Sha1:8c:cb:76:50:db:34:35:c5:95:49:da:9e:18:22:b0:f9:af:73:c8:f5
11. Sign your own certificate
C:/jdk1.5.0_04/bin>keytool-selfcert-alias Dyfca-keystore Dyfcalib
Enter KeyStore Password: ADMINDYF
Enter <dyfCA> master password dyfadmin
Generate a certificate with Keytool