The Most Common Java Keytool Keystore Commands


Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file,
create a CSR, and import certificates. Any root or intermediate
certificates will need to be imported before importing the primary
certificate for your domain.

* *Generate a Java keystore and key pair*

keytool -genkey -alias _mydomain_ -keyalg RSA -keystore
_keystore.jks _ -keysize 2048

* *Generate a certificate signing request (CSR) for an existing Java

keytool -certreq -alias _mydomain_ -keystore _keystore.jks_ -file

* *Import a root or intermediate CA certificate to an existing Java

keytool -import -trustcacerts -alias root -file _Thawte.crt_
-keystore _keystore.jks_

* *Import a signed primary certificate to an existing Java keystore*

keytool -import -trustcacerts -alias _mydomain_ -file _mydomain.crt_
-keystore _keystore.jks_

* *Generate a keystore and self-signed certificate*

keytool -genkey -keyalg RSA -alias selfsigned -keystore
_keystore.jks_ -storepass _password_ -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java
keystore, use these commands.

* *Check a stand-alone certificate*

keytool -printcert -v -file _mydomain.crt_

* *Check which certificates are in a Java keystore*

keytool -list -v -keystore _keystore.jks_

* *Check a particular keystore entry using an alias*

keytool -list -v -keystore _keystore.jks_ -alias mydomain

Other Java Keytool Commands

* *Delete a certificate from a Java Keytool keystore*

keytool -delete -alias _mydomain_ -keystore _keystore.jks_

* *Change a Java keystore password*

keytool -storepasswd -new new_storepass -keystore _keystore.jks_

* *Export a certificate from a keystore*

keytool -export -alias _mydomain_ -file _mydomain.crt_ -keystore

* *List Trusted CA Certs*

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

* *Import New CA into Trusted Certs*

keytool -import -trustcacerts -file _/path/to/ca/ca.pem_ -alias
_CA_ALIAS_ -keystore $JAVA_HOME/jre/lib/security/cacerts


Leave a reply

Your email address will not be published. Required fields are marked *