keytool, the JDK key and certificate management tool: commonly used commands in detail

Source: Internet
Author: User

-genkey      Creates a default file ".keystore" in the user's home directory and generates an alias mykey; mykey contains the user's public key, private key, and certificate
-alias       Specifies the alias to generate
-keystore    Specifies the name of the keystore (the generated information will then not be stored in the default .keystore file)
-keyalg      Specifies the key algorithm
-validity    Specifies how many days the created certificate is valid for
-keysize     Specifies the key length
-storepass   Specifies the password for the keystore
-keypass     Specifies the password for the alias entry
-dname       Specifies the certificate owner information, for example: "CN=SAGELY,OU=ATR,O=SZU,L=SZ,ST=GD,C=CN"
-list        Displays the certificate information in the keystore: keytool -list -v -keystore sage -storepass ....
-v           Displays certificate details in the keystore
-export      Exports the certificate specified by the alias to a file: keytool -export -alias caroot -file caroot.crt
-file        Specifies the name of the file to export to
-delete      Deletes an entry in the keystore: keytool -delete -alias sage -keystore sage
-keypasswd   Changes the password of the specified entry in the keystore: keytool -keypasswd -alias sage -keypass ... -storepass ... -keystore sage
-import      Imports a signed digital certificate into the keystore: keytool -import -alias sage -keystore sagely -file sagely.crt
After importing a signed digital certificate, keytool -list -v shows that the chain length is much longer, and the whole CA chain is printed out.

keytool is Java's key and certificate management tool. It enables users to manage their own public/private key pairs and related certificates, for use in self-authentication (where users authenticate themselves to other users or services by digital signature) or in data integrity and authentication services. It also allows users to store the public keys of the parties they communicate with (in the form of certificates). Use keytool -help to view its usage, and refer to http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html for more information.

keytool.exe in Java (located in the JDK bin directory) can be used to create digital certificates. All digital certificates are stored in a certificate store (keystore), distinguished from one another by alias. An entry in the certificate store contains the certificate's private key, its public key, and the corresponding digital certificate information. An entry in the certificate store can be exported as a digital certificate file, which includes only the subject information and the corresponding public key.
Each certificate store is a file protected by an access password. The first time a certificate is created, the certificate store is generated automatically and you are required to specify the password used to access it.
When you create a certificate, you need to fill in some information about the certificate and the private key password that corresponds to the certificate. This information includes CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx, which means:
• CN (Common Name - first and last name): in practice this "first and last name" should be the domain name, such as localhost or blog.devep.net. If you enter a personal name and it does not match the domain name used when the site is actually running, there will be problems. When the site is accessed from a browser, a dialog box pops up indicating that the name on the security certificate is invalid or does not match the site name; the user can choose to continue and still browse the page. However, when the site is accessed from a program written with an HTTP client, an exception similar to "javax.servlet.ServletException: HTTPS hostname wrong: should be" is thrown.
• OU (Organization Unit - organizational unit name)
• O (Organization - organization name)
• L (Locality - city or area name)
• ST (State - state or province name)
• C (Country - country name)
You can let the tool prompt you for the above information interactively, or you can supply it with a parameter such as -dname "CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx" so that the certificate is created automatically.

Create a certificate
Specify d:/keystore/test as the certificate store and create a certificate with the alias tomcat, generated with the RSA algorithm, with a key length of 1024 and a validity of 1 year:
keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore c:/keystore/test -validity 365
To display the certificates in the certificate store, use the following command: keytool -list -keystore c:/keystore/test will display a list of all certificates in the c:/keystore/test certificate store.

Export to certificate file
The command keytool -export -alias tomcat -file C:/keystore/tc.cer -keystore C:/keystore/test exports the certificate with the alias tomcat in the certificate store C:/keystore/test to the certificate file tc.cer. This file contains the subject information of the certificate and the certificate's public key. It does not contain the private key, so it can be made public.
The exported certificate file is binary encoded and cannot be displayed properly in a text editor. Add the -rfc parameter to export it in a printable encoding instead, for example:
keytool -export -alias tomcat -file C:/keystore/tc.cer -keystore C:/keystore/test -rfc
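
The steps above as one non-interactive script, added here as an example (it is not part of the original page). It refuses a -dname whose CN differs from the host name, which is the mismatch described under CN, then creates the key pair and exports the certificate with -rfc. The helper names, the password changeit and the sample host are assumptions; it uses a 2048-bit key rather than the 1024 shown above, which is below current minimum recommendations, and adds a subjectAltName with -ext because current browsers match the host name against that field.

```shell
#!/bin/sh
# Added example. Helper names, passwords and paths are constructed samples.
# Passwords given as arguments are visible in the process list; on a shared
# machine omit -storepass/-keypass and let keytool prompt for them.

# dname_cn DNAME: print the CN value (simple DNs without escaped commas).
dname_cn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *[Cc][Nn]=//p' | head -n 1
}

# cn_matches_host CN HOST: succeed when both are equal, ignoring case.
cn_matches_host() {
    [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# make_store DIR DNAME HOST: returns 2 on a CN/host mismatch, 1 when keytool
# fails, 0 when the store exists and the export holds only a certificate.
make_store() {
    dir=$1 dname=$2 host=$3
    cn=$(dname_cn "$dname")
    if ! cn_matches_host "$cn" "$host"; then
        echo "CN '$cn' does not match host '$host'; clients will reject it" >&2
        return 2
    fi
    keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "$dname" -ext "SAN=dns:$host" \
        -keystore "$dir/test" -storepass changeit -keypass changeit || return 1
    keytool -export -rfc -alias tomcat -file "$dir/tc.cer" \
        -keystore "$dir/test" -storepass changeit || return 1
    # The exported file must contain the certificate and never the private key.
    grep -q 'BEGIN CERTIFICATE' "$dir/tc.cer" && ! grep -q 'PRIVATE KEY' "$dir/tc.cer"
}
```

Call it as make_store /path/to/dir "CN=localhost,OU=ATR,O=SZU,L=SZ,ST=GD,C=CN" localhost and inspect the result with keytool -printcert -file /path/to/dir/tc.cer.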

View information about a certificate
The command keytool -printcert -file d:/keystore/tc.cer displays information about the certificate file. You can also double-click the resulting certificate file in Windows Explorer to view it directly.

Delete entries in KeyStore
keytool -delete -alias tomcat -keystore C:/keystore/test
This command deletes the certificate with the alias tomcat from the C:/keystore/test certificate store.

Modify Certificate Entry password
keytool -keypasswd -alias tomcat -keystore c:/keystore/test lets you interactively change the password of the certificate with the alias tomcat in the C:/keystore/test certificate store.
keytool -keypasswd -alias tomcat -keypass oldpasswd -new newpasswd -storepass storepasswd -keystore C:/keystore/test is a one-line command that changes the password of the certificate with the alias tomcat in the store to the new password newpasswd. In this command, oldpasswd is the original password of the certificate and storepasswd is the password of the certificate store.
