First, use keytool to generate a certificate.
1. Generate a key
D:\> keytool -genkey -alias Wenger -keysize 1024 -keypass abcdef -keystore mykeystore -storepass abcdef -dname "CN=Chen Sr, OU=tanglab, O=lab, L=GZ, ST=Gd, C=cn"
2. Export the key and save it as a certificate
D:\> keytool -export -alias Wenger -file mycert.cer -keystore mykeystore -storepass abcdef
Certificate stored in file <mycert.cer>

Read Certificate Information in Java
import java.io.*;
import java.security.cert.*;

public class testcert {
    public static void main(String[] args) {
        // Close the stream automatically once the certificate has been parsed.
        try (FileInputStream fis = new FileInputStream("mycert.cer")) {
            // Parse the exported file as an X.509 certificate.
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            X509Certificate c = (X509Certificate) cf.generateCertificate(fis);
            System.out.println("Certificate for " + c.getSubjectDN());
            System.out.println("Generated with " + c.getSigAlgName());
        } catch (IOException ex) {
            // Covers FileNotFoundException: mycert.cer is missing or unreadable.
            System.err.println("Cannot read certificate file: " + ex.getMessage());
        } catch (CertificateException ex) {
            /** @todo handle this exception */
        }
    }
}
Output:
Certificate for CN=Chen Sr, OU=tanglab, O=lab, L=GZ, ST=Gd, C=cn
Generated with SHA1withDSA

Common keytool commands in JDK
-genkey: creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey, which contains the user's public key, private key, and certificate.
-alias: specifies the alias of the generated entry.
-keystore: specifies the name of the keystore (the generated information is then not written to the default .keystore file).
-keyalg: specifies the key algorithm.
-validity: specifies the validity period of the created certificate.
-keysize: specifies the key length.
-storepass: specifies the password of the keystore.
-keypass: specifies the password of an alias entry.
-dname: specifies the certificate owner information, for example "CN=sagely, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn".
-list: displays the certificate information in the keystore, e.g. keytool -list -v -keystore sage -storepass ....
-v: displays the certificate details in the keystore.
-export: exports the certificate specified by the alias to a file, e.g. keytool -export -alias caroot -file caroot.crt
-file: specifies the file name to export to.
-delete: deletes an entry in the keystore, e.g. keytool -delete -alias sage -keystore sage
-keypasswd: changes the password of an entry in the keystore, e.g. keytool -keypasswd -alias sage -keypass ...... -new ...... -storepass ...... -keystore sage
-import: imports a signed digital certificate into the keystore, e.g. keytool -import -alias sage -keystore sagely -file sagely.crt
After the signed digital certificate has been imported, keytool -list -v shows that the certificate chain is noticeably longer and prints the whole CA chain.

1. Display certificates
-list
    [-v | -rfc] [-alias <alias>]
    [-keystore <keystore>] [-storepass <storepass>]
    [-storetype <storetype>] [-provider <provider_class_name>]
Examples:
keytool -list -v -alias rapaserver -keystore cacerts -storepass 12345678
keytool -list -v -keystore d2aapplet.keystore -storepass 12345678 -storetype iaikkeystore
2. Export a certificate to a certificate file
Example: keytool -export -keystore monitor.keystore -alias monitor -file monitor.cer
This exports the certificate with the alias monitor from the keystore monitor.keystore to the certificate file monitor.cer. The file contains the certificate body and the certificate's public key, but not the private key, so it can be made public.
keytool -export -keystore d2aapplet.keystore -alias rapaserver -file rapa.cert -storetype iaikkeystore
3. Import a certificate into the keystore
Import rapa.cert into cacerts, the default Java certificate store:
keytool -import -alias rapaserver -keystore cacerts -file rapa.cert
4. Delete a certificate entry
The -delete option of keytool deletes an entry from the keystore. For example, keytool -delete -alias rapaserver -keystore d2aapplet.keystore deletes the certificate rapaserver from the keystore d2aapplet.keystore.
5. Change the password of a certificate entry
Use the -keypasswd option. For example, keytool -keypasswd -alias rapaserver -keystore d2aapplet.keystore interactively changes the password of the entry rapaserver in the keystore d2aapplet.keystore.
keytool -keypasswd -alias rapaserver -keypass 123456 -new 654321 -storepass 888888 -keystore d2aapplet.keystore
This command line changes the password of the entry with the alias rapaserver non-interactively to the new password 654321. The 123456 in the line is the original password of the entry, and 888888 is the password of the keystore.