Home > Others

Generate a certificate using Keytool

Source: Internet
Author: User
Tags certificate fingerprint pkcs12 nginx server
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Keytool Tools Introduction

Keytool is a tool that Java uses to manage keys and certificates , including the following features:

1 Creating and Managing keys

2 Creating and Managing certificates

3 authorizing a certificate as a CA

4 Importing and exporting certificates

Keytool uses KeyStore to store keys and certificates, which can include private keys and trust certificates;
The KeyStore file uses the JKS format with key storage, where the private key is stored with a separate password;

first, generate the private key 
Keytool-genkey-alias Serverkey-keystore Server.keystore

Follow the prompts to enter KeyStore store password, private key password, personal information, and then generate Server.keystore file

Related Parameters 
-keyalt RSA uses RSA algorithm (default)-storepass keystore file password-keypass private key password
second, export the certificate 
Keytool-export-keystore server.keystore-file Server.cer-alias Serverkey
Iii. Importing Trust Certificates (client use) 
Keytool-import-keystore clienttrust.keystore-file Server.cer-alias Servertrust
Iv. viewing keys and certificates

Viewing the server key

Keytool-list-keystore Server.keystore

Output

Keystore type:jkskeystore provider:sunyour Keystore contains 1 entryserverkey, SEP, privatekeyentry,certificate Fingerprint (SHA1): 65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62

  

View Clienttrust Keys

Keytool-list-keystore Clienttrust.keystore

Output

Keystore type:jkskeystore provider:sunyour Keystore contains 1 entryservertrust, SEP, trustedcertentry,certific Ate fingerprint (SHA1): 65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62

  

Plus-v option to see more details

View certificates

Keytool-printcert-file Server.cer

Output

Owner:cn=zz, Ou=dev, o=pp.com, L=gz, ST=GD, C=cnissuer:cn=zz, Ou=dev, o=pp.com, L=gz, ST=GD, c=cnserial number:797f3140 Valid From:sun Sep 16:43:55 CST Until:sat Dec 16:43:55 CST 2016Certificate fingerprints:md5:fb:7d:29:4c:a9:f 3:07:0e:cc:74:0d:9b:d4:d6:4d:91sha1:65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62sha256:e9:8b:a5 : 43:5f:40:fa:c5:64:3b:0a:11:1d:be:d1:07:3c:a1:e2:50:88:71:a7:5c:ec:43:22:98:1b:aa:b6:ebsignature algorithm Name: Sha1withdsaversion:3extensions: #1: objectid:2.5.29.14 criticality=falsesubjectkeyidentifier [KeyIdentifier [0000: 0E C3 D3 3 a 3C B7 D9 C4 BD 8E E7 6C EC. B.u:<.....c.l.0010:af 8A 29 72..) R]]

  

Five conversion commands

Turn JKS format to PKCS

Keytool-importkeystore-srckeystore me.keystore-destkeystore me.p12-srcalias Me-destalias me-srcstoretype jks-destst Oretype PKCS12

FAQ

* * Keytool General format is JKS, how do I get the private key? **
Answer: Read the output through the program;

* * How do I convert a jks file to a PEM file for an nginx server? **
A: Usually the JKs file already contains the private key, certificate, CA certificate information, you can convert JKS to PKCS format via Keytool, and then the conversion is extracted via OpenSSL:

Extract privatekey-nodes indication output no encrypted PEM file OpenSSL pkcs12-in me.p12-nodes-nocerts-out me.key extract certificate OpenSSL pkcs12-in Me.p12-nod Es-nokeys-clcerts-out ME.CRT Extract CA certificate (empty if self-signed) OpenSSL pkcs12-in me.p12-nodes-nokeys-cacerts-out ca.crt

  

Generate a certificate using Keytool

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
keytool import certificate java keytool import certificate keytool import certificate chain keytool export certificate keytool generate ecc certificate openssl generate x509 certificate

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More