Home > Others

Simple keytool usage

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Java keytool is a key and Certificate Management Utility. itAllows users to manage their own public/private key pairs and certificates. Java keytool stores the keys and certificates in what is called a keystore.Keytool keystore contains
The private key and any certificatesNecessary to complete a chain of trust and establish the trustworthiness of the primary certificate.

Each certificate in a Java keystore is associated with a unique alias. when creating a Java keystore you will first create. jks file that will initially only contain the private key. you will then generate a CSR and have a certificate generated from it.
Then you will import the certificate to the keystore including any root certificates.

Below, we have listedMost common Java keytool keystore commandsAnd their usage:

Java keytool commands for creating and importing

These commands allow you to generate a new Java keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair


    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks

  • Generate a Certificate Signing Request (CSR) for an existing Java keystore

    keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr

  • Import a root or intermediate CA certificate to an existing Java keystore

    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

  • Import a signed primary certificate to an existing Java keystore

    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

  • Generate a keystore and self-signed certificate

    keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 

Java keytool commands for checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone Certificate


    keytool -printcert -v -file mydomain.crt

  • Check which certificates are in a Java keystore

    keytool -list -v -keystore keystore.jks

  • Check a particle keystore entry using an alias

    keytool -list -v -keystore keystore.jks -alias mydomain

Other Java keytool commands
  • Delete a certificate from a Java keytool keystore


    keytool -delete -alias "mydomain" -keystore keystore.jks

  • Change a Java keystore Password

    keytool -storepasswd -new new_storepass -keystore keystore.jks

  • Export a certificate from a keystore

    keytool -export -alias mydomain -file mydomain.crt

  • List trusted ca certs

    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

  • Import New CA into trusted certs

    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

    FROM: http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
google keytool keytool utility keytool trustcacerts java keytool tutorial keytool import certificate java keytool import certificate keytool import certificate chain

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More