Home > Developer > Java

Java Keytool Certificate Tool usage Summary (RPM)

Source: Internet
Author: User
Tags rfc asymmetric encryption
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Keytool is a Java Data Certificate management tool that Keytool the key (key) and certificate (certificates) in a file called KeyStore in KeyStore, containing two kinds of data: key entity Entity)-the key (secret key) or the private key and the paired public key (with asymmetric encryption) can be trusted by the certificate entity (trusted certificate entries)-contains only the public key.

Keytool Common parameter Descriptions in JDK ( different versions vary, see the official Documentation link in the Appendix for details ):

  • -genkey a default file ". KeyStore" is created in the user's home directory, and a MyKey alias is generated, MyKey contains the user's public key, private key, and certificate (in the absence of a specified build location, the default directory for the user's system is present in KeyStore)
  • -alias generating aliases Each keystore is associated with this unique alias, which is usually case-insensitive
  • -keystore Specifies the name of the KeyStore (the resulting types of information will not be in the. keystore file)
  • -keyalg the algorithm that specifies the key (such as the RSA DSA, the default value is: DSA)
  • -validity Specifies how many days the certificate is created (default 90)
  • -keysize specifying the key length (default 1024)
  • -storepass Specify the password for the KeyStore (the password required to get the KeyStore information)
  • -keypass the password for the specified alias entry (the password for the private key)
  • -DNAME Specifies the certificate publisher information where: "cn= name and last name, ou= organizational unit name, o= organization name, L= City or region name, st= state or province name, c= unit of two-letter country code"
  • -list Show certificate information in KeyStore keytool-list-v-keystore specify keystore-storepass password
  • -V Show certificate details in KeyStore
  • -export Export the certificate specified by the alias to a file Keytool-export-alias the alias you want to export-keystore specify Keystore-file Specify the location of the exported certificate and the certificate name-storepass password
  • The-file parameter specifies the filename to export to a file
  • -delete Delete an entry in the KeyStore Keytool-delete-alias specify the-keystore specified keystore–storepass password to be deleted
  • -printcert View the exported certificate information Keytool-printcert-file G:\SSO\MICHAEL.CRT
  • -KEYPASSWD Modify the specified entry password in the KeyStore Keytool-keypasswd-alias the alias to be modified-keypass old password-new new password-storepass keystore password-keystore sage
  • -STOREPASSWD Modify KeyStore Password Keytool-storepasswd-keystore g:\sso\michael.keystore (need to change password KeyStore)-storepass pwdold ( Original password)-new pwdnew (new password)
  • -import the signed digital certificate into the KeyStore Keytool-import-alias specify an alias for the import entry-keystore specify the certificate to be imported Keystore-file
Catalogue Description:
    1. Generate certificate
    2. View certificates
    3. Certificate Export
    4. Client Import Certificate
    5. Appendix Information
first, generate certificatesPress win key +r, pop up the Run window, enter CMD return, open the Command Line window, enter the following command:
keytool -genkey -aliasmichaelkey -keyalg RSA -keysize 1024 -keypass michaelpwd -validity 365 -keystore g:\sso\michael.keystore -storepass michaelpwd2
As follows:
Second, view the certificate

By default, the-list command prints the MD5 thumbprint of the certificate. If the-v option is specified, the certificate is printed in a readable format, and if the-RFC option is specified, the certificate is output in printable encoding format.

The- v command is as follows:
keytool -list  -v-keystore g:\sso\michael.keystore -storepass michaelpwd2
Enter to see the following information:
The -RFC command is as follows: keytool -list -rfc -keystore g:\sso\michael.keystore -storepass michaelpwd2Enter to see the following information:

Iii. Export and view of certificates:Export Certificate Command:
keytool -export-aliasmichaelkey -keystore g:\sso\michael.keystore -fileg:\sso\michael.crt -storepass michaelpwd2
Enter as follows:

View the exported certificate information:
keytool -printcert -fileg:\sso\michael.crt
Enter to see the following information:

Iv. Client Import Certificate:

Keytool-import-keystore%java_home%\jre\lib\security\cacerts-fileg:\sso\ssodemo.crt-alias Ssodemo

v. Official introduction to the Keytool command document:
    • Jdk1.4.2:http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html
    • Jdk1.6:http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
    • Jdk1.7:http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

Java Keytool Certificate Tool usage Summary (RPM)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
keytool import certificate keytool import certificate chain keytool export certificate java keytool tutorial how to create x509 certificate using keytool keytool disk usage tool
Related Article
The difference between fail-fast and fail-safe in Java

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More