Keytool is a Java key and certificate management tool. Keytool stores keys and certificates in a file called a keystore. A keystore contains two kinds of entries: key entries, which hold a secret key or a private key together with its paired public key (for asymmetric encryption), and trusted certificate entries, which contain only the public key.
Common keytool parameters in the JDK (they vary between versions; see the official documentation links in the appendix for details):
- -genkey: creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey, which contains the user's public key, private key, and certificate (when no location is specified, the keystore is stored in the user's default system directory)
- -alias: the alias of the entry; each keystore entry is associated with a unique alias, which is usually case-insensitive
- -keystore: specifies the name of the keystore (the generated information is then not stored in the default .keystore file)
- -keyalg: specifies the key algorithm (such as RSA or DSA; the default is DSA)
- -validity: specifies how many days the created certificate is valid (default 90)
- -keysize: specifies the key length (default 1024)
- -storepass: specifies the keystore password (the password required to read the keystore information)
- -keypass: specifies the password for the alias entry (the password for the private key)
- -dname: specifies the certificate issuer information, in the form "CN=first and last name, OU=organizational unit name, O=organization name, L=city or locality name, ST=state or province name, C=two-letter country code"
- -list: shows the certificate information in the keystore: keytool -list -v -keystore <keystore> -storepass <password>
- -v: shows certificate details in the keystore
- -export: exports the certificate specified by the alias to a file: keytool -export -alias <alias to export> -keystore <keystore> -file <location and name of the exported certificate> -storepass <password>
- -file: specifies the name of the file to export to
- -delete: deletes an entry from the keystore: keytool -delete -alias <alias to delete> -keystore <keystore> -storepass <password>
- -printcert: views the exported certificate information: keytool -printcert -file g:\sso\michael.crt
- -keypasswd: changes the password of the specified entry in the keystore: keytool -keypasswd -alias <alias to modify> -keypass <old password> -new <new password> -storepass <keystore password> -keystore sage
- -storepasswd: changes the keystore password: keytool -storepasswd -keystore g:\sso\michael.keystore (the keystore whose password is to be changed) -storepass pwdold (original password) -new pwdnew (new password)
- -import: imports a signed digital certificate into the keystore: keytool -import -alias <alias for the imported entry> -keystore <keystore> -file <certificate to be imported>
Contents:
- Generate certificate
- View certificates
- Certificate Export
- Client Import Certificate
- Appendix Information
First, generate the certificate
Press Win+R to open the Run window, type cmd and press Enter to open a Command Prompt window, then enter the following command:
keytool -genkey -alias michaelkey -keyalg RSA -keysize 1024 -keypass michaelpwd -validity 365 -keystore g:\sso\michael.keystore -storepass michaelpwd2
Second, view the certificate
By default, the -list command prints the MD5 thumbprint of the certificate. If the -v option is specified, the certificate is printed in a human-readable format, and if the -rfc option is specified, the certificate is output in the printable encoding format.
The -v command is as follows:
keytool -list -v -keystore g:\sso\michael.keystore -storepass michaelpwd2
The -rfc command is as follows:
keytool -list -rfc -keystore g:\sso\michael.keystore -storepass michaelpwd2
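As an added example, not part of the original article: a Python check that parses `keytool -list -v` output, separates key entries from trusted certificate entries, and flags short keys and weak signature algorithms. The sample listing is constructed, its field names are assumed to match recent JDK output, and the 2048-bit threshold and digest list are assumed policy values.

```python
import re

# Constructed, abbreviated sample of `keytool -list -v` output. Field names are
# those printed by recent JDKs (an assumption; older releases differ).
SAMPLE = """\
Keystore type: JKS

Your keystore contains 2 entries

Alias name: michaelkey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Michael, OU=Dev, O=Example, L=City, ST=State, C=CN
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: ssodemo
Entry type: trustedCertEntry

Owner: CN=ssodemo, O=Example, C=CN
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""

MIN_KEY_BITS = 2048                     # assumed policy threshold
WEAK_DIGESTS = ("MD2", "MD5", "SHA1")   # assumed policy list

def audit_listing(text):
    """Return {alias: {"type": ..., "findings": [...]}} for each entry."""
    report = {}
    # Every entry begins with an "Alias name:" line; split the listing there.
    for block in re.split(r"(?m)^(?=Alias name: )", text)[1:]:
        # For a multi-certificate chain the last certificate's fields win.
        fields = dict(re.findall(r"(?m)^([A-Za-z ]+): (.*)$", block))
        findings = []
        sig = fields.get("Signature algorithm name", "")
        if sig.upper().startswith(WEAK_DIGESTS):
            findings.append("weak signature algorithm " + sig)
        key = re.match(r"(\d+)-bit (RSA|DSA)",
                       fields.get("Subject Public Key Algorithm", ""))
        if key and int(key.group(1)) < MIN_KEY_BITS:
            findings.append("short %s key (%s bits)" % key.group(2, 1))
        report[fields["Alias name"]] = {"type": fields.get("Entry type"),
                                        "findings": findings}
    return report

if __name__ == "__main__":
    for alias, info in audit_listing(SAMPLE).items():
        print(alias, info["type"], info["findings"] or "ok")
```

To audit a real keystore, save the output of the -list -v command to a text file and pass its contents to audit_listing.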
Third, export and view the certificate
Export certificate command:
keytool -export -alias michaelkey -keystore g:\sso\michael.keystore -file g:\sso\michael.crt -storepass michaelpwd2
View the exported certificate information:
keytool -printcert -file g:\sso\michael.crt
Fourth, client import of the certificate:
keytool -import -keystore %JAVA_HOME%\jre\lib\security\cacerts -file g:\sso\ssodemo.crt -alias ssodemo
Fifth, official documentation for the keytool command:
- JDK 1.4.2: http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html
- JDK 1.6: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
- JDK 1.7: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html
Java keytool certificate tool usage summary (repost)