Simple keytool usage

Source: Internet
Author: User

Java keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java keytool stores the keys and certificates in what is called a keystore. A keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.

Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore, you will first create a .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore, including any root certificates.

Below, we have listed the most common Java keytool keystore commands and their usage:

Java keytool commands for creating and importing

These commands allow you to generate a new Java keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair


    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks

  • Generate a Certificate Signing Request (CSR) for an existing Java keystore

    keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr

  • Import a root or intermediate CA certificate to an existing Java keystore

    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

  • Import a signed primary certificate to an existing Java keystore

    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

  • Generate a keystore and self-signed certificate

    keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 

Java keytool commands for checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone Certificate


    keytool -printcert -v -file mydomain.crt

  • Check which certificates are in a Java keystore

    keytool -list -v -keystore keystore.jks

  • Check a particular keystore entry using an alias

    keytool -list -v -keystore keystore.jks -alias mydomain
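
The verbose listing above can also be checked mechanically. The following is an added example, not part of the original page or of keytool itself: a shell function that reads `keytool -list -v` output and flags a key entry that still holds only its self-signed certificate (the signed certificate was never imported), weak signature algorithms, and short RSA keys. It assumes the English field labels printed by recent JDKs, including the `Subject Public Key Algorithm` line; the flag names and the sample listing are constructed for illustration.

```shell
# Added example: audit text printed by `keytool -list -v` (English field labels assumed).
audit_keystore_listing() {
  awk '
    /^Alias name: /  { alias = substr($0, 13); type = ""; n = 0 }
    /^Entry type: /  { type = $3 }
    /^Certificate chain length: / { n = $4 }
    /^Owner: /       { owner = substr($0, 8) }
    /^Issuer: / {
      self = (owner == substr($0, 9))
      # Key entry holding only its own self-issued cert: no CA reply imported.
      if (self && type == "PrivateKeyEntry" && n == 1)
        print alias ": SELF_SIGNED_KEY_ENTRY"
    }
    /^Signature algorithm name: / {
      # A trust anchor is not validated by its own signature, so skip self-signed.
      if (!self && $4 ~ /^(MD5|SHA1)with/) print alias ": WEAK_SIGNATURE " $4
    }
    /^Subject Public Key Algorithm: / {
      bits = $5; sub(/-bit$/, "", bits)
      if ($6 == "RSA" && bits + 0 < 2048) print alias ": SHORT_RSA_KEY " bits
    }
  '
}

# Constructed sample listing, abridged to the fields the audit reads.
sample_listing() {
  cat <<'EOF'
Alias name: mydomain
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=www.example.com, O=Example
Issuer: CN=www.example.com, O=Example
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Alias name: legacy
Entry type: trustedCertEntry
Owner: CN=legacy.example.com
Issuer: CN=Example Root CA
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_listing | audit_keystore_listing
```

Against a real keystore, pipe the listing in directly: `keytool -list -v -keystore keystore.jks | audit_keystore_listing`.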

Other Java keytool commands

  • Delete a certificate from a Java keytool keystore

    keytool -delete -alias "mydomain" -keystore keystore.jks

  • Change a Java keystore Password

    keytool -storepasswd -new new_storepass -keystore keystore.jks

  • Export a certificate from a keystore

    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

  • List trusted CA certs

    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

  • Import New CA into trusted certs

    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

    FROM: http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/
