- By jansku
- Post in Uncategorized
- June 7, 2016
- 0 Comments
Java Keytool Commands for Creating and Importing
These commands allow you to generate a new Java Keytool keystore file,
create a CSR, and import certificates. Any root or intermediate
certificates will need to be imported before importing the primary
certificate for your domain.
* *Generate a Java keystore and key pair*
keytool -genkey -alias _mydomain_ -keyalg RSA -keystore
_keystore.jks _ -keysize 2048
* *Generate a certificate signing request (CSR) for an existing Java
keystore*
keytool -certreq -alias _mydomain_ -keystore _keystore.jks_ -file
_mydomain.csr_
* *Import a root or intermediate CA certificate to an existing Java
keystore*
keytool -import -trustcacerts -alias root -file _Thawte.crt_
-keystore _keystore.jks_
* *Import a signed primary certificate to an existing Java keystore*
keytool -import -trustcacerts -alias _mydomain_ -file _mydomain.crt_
-keystore _keystore.jks_
* *Generate a keystore and self-signed certificate*
keytool -genkey -keyalg RSA -alias selfsigned -keystore
_keystore.jks_ -storepass _password_ -validity 360 -keysize 2048
Java Keytool Commands for Checking
If you need to check the information within a certificate, or Java
keystore, use these commands.
* *Check a stand-alone certificate*
keytool -printcert -v -file _mydomain.crt_
* *Check which certificates are in a Java keystore*
keytool -list -v -keystore _keystore.jks_
* *Check a particular keystore entry using an alias*
keytool -list -v -keystore _keystore.jks_ -alias mydomain
Other Java Keytool Commands
* *Delete a certificate from a Java Keytool keystore*
keytool -delete -alias _mydomain_ -keystore _keystore.jks_
* *Change a Java keystore password*
keytool -storepasswd -new new_storepass -keystore _keystore.jks_
* *Export a certificate from a keystore*
keytool -export -alias _mydomain_ -file _mydomain.crt_ -keystore
_keystore.jks_
* *List Trusted CA Certs*
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
* *Import New CA into Trusted Certs*
keytool -import -trustcacerts -file _/path/to/ca/ca.pem_ -alias
_CA_ALIAS_ -keystore $JAVA_HOME/jre/lib/security/cacerts