Generate a certificate using Keytool

Source: Internet
Author: User
Tags certificate fingerprint pkcs12 nginx server

Introduction to keytool

keytool is the tool Java provides for managing keys and certificates. Its features include:

1. Creating and managing keys

2. Creating and managing certificates

3. Signing certificates as a CA

4. Importing and exporting certificates

keytool stores keys and certificates in a keystore, which can hold both private keys and trusted certificates.
The keystore file uses the JKS format, in which the private key is protected by its own password, separate from the keystore password.

I. Generate the private key

keytool -genkey -alias serverkey -keystore server.keystore

Follow the prompts to enter the keystore password, the private key password and your personal information; keytool then generates the server.keystore file.

Related parameters

-keyalg RSA    use the RSA algorithm (default)
-storepass     keystore file password
-keypass       private key password

II. Export the certificate

keytool -export -keystore server.keystore -file server.cer -alias serverkey

III. Import the trusted certificate (for client use)

keytool -import -keystore clienttrust.keystore -file server.cer -alias servertrust

IV. Viewing keys and certificates

Viewing the server key

keytool -list -keystore server.keystore

Output

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

serverkey, SEP, PrivateKeyEntry,
Certificate fingerprint (SHA1): 65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62

  

Viewing the client trust store

keytool -list -keystore clienttrust.keystore

Output

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

servertrust, SEP, trustedCertEntry,
Certificate fingerprint (SHA1): 65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62

  

Add the -v option to see more details.

Viewing the certificate

keytool -printcert -file server.cer

Output

Owner: CN=zz, OU=dev, O=pp.com, L=gz, ST=gd, C=cn
Issuer: CN=zz, OU=dev, O=pp.com, L=gz, ST=gd, C=cn
Serial number: 797f3140
Valid from: Sun Sep 16:43:55 CST until: Sat Dec 16:43:55 CST 2016
Certificate fingerprints:
    MD5: fb:7d:29:4c:a9:f3:07:0e:cc:74:0d:9b:d4:d6:4d:91
    SHA1: 65:75:c9:08:a0:83:21:a1:d7:8d:da:cd:3d:fb:c2:e0:50:96:29:62
    SHA256: e9:8b:a5:43:5f:40:fa:c5:64:3b:0a:11:1d:be:d1:07:3c:a1:e2:50:88:71:a7:5c:ec:43:22:98:1b:aa:b6:eb
    Signature algorithm name: SHA1withDSA
    Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0E C3 D3 3A 3C B7 D9 C4 BD 8E E7 6C EC. B.u:<.....c.l.
0010: AF 8A 29 72 ..) R
]
]

  

V. Conversion commands

Convert JKS format to PKCS12

keytool -importkeystore -srckeystore me.keystore -destkeystore me.p12 -srcalias me -destalias me -srcstoretype jks -deststoretype pkcs12

FAQ

**keytool's usual format is JKS; how do I get the private key?**
A: Read it out of the keystore with a program.
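
One way to do what the answer above describes, as an added example that is not from the original page: a small Java program that loads the JKS keystore, prints the certificate's SHA-256 fingerprint for comparison with the keytool -printcert output, and writes the private key as unencrypted PKCS#8 PEM readable only by its owner. The class name ExportKey, the three command-line arguments and the STOREPASS/KEYPASS environment variables are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.util.Base64;
import java.util.Objects;

public class ExportKey {
    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore file> <alias> <output PEM file>
        String ksPath = args[0], alias = args[1];
        Path out = Paths.get(args[2]);
        // Assumed: passwords come from the environment, not the command line.
        char[] storePass = Objects.requireNonNull(System.getenv("STOREPASS"), "STOREPASS not set").toCharArray();
        char[] keyPass = Objects.requireNonNull(System.getenv("KEYPASS"), "KEYPASS not set").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(ksPath)) {
            ks.load(in, storePass); // also verifies the keystore integrity check
        }
        Key key = ks.getKey(alias, keyPass); // throws if the key password is wrong
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException(alias + " is not a private key entry");
        }
        // Fingerprint of the entry's certificate, in the same colon-separated hex form keytool prints.
        byte[] der = ks.getCertificate(alias).getEncoded();
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            hex.append(hex.length() == 0 ? "" : ":").append(String.format("%02X", b));
        }
        System.out.println("Certificate fingerprint (SHA256): " + hex);

        // getEncoded() returns the key as unencrypted PKCS#8 DER; wrap it as PEM.
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
        // Create the file as rw------- before any key material is written (POSIX file systems only);
        // createFile fails if the file already exists, so an existing key is never overwritten.
        Files.createFile(out, PosixFilePermissions.asFileAttribute(
            PosixFilePermissions.fromString("rw-------")));
        Files.write(out, pem.getBytes(StandardCharsets.US_ASCII));
    }
}
```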

**How do I convert a JKS file to PEM files for an nginx server?**
A: A JKS file usually already contains the private key, the certificate and the CA certificate information. Convert the JKS file to PKCS12 format with keytool, then extract each part with OpenSSL:

Extract the private key (-nodes means the output PEM file is not encrypted):
openssl pkcs12 -in me.p12 -nodes -nocerts -out me.key

Extract the certificate:
openssl pkcs12 -in me.p12 -nodes -nokeys -clcerts -out me.crt

Extract the CA certificate (empty if self-signed):
openssl pkcs12 -in me.p12 -nodes -nokeys -cacerts -out ca.crt

  
