The Most Common Java Keytool Keystore Commands
A full list of the most commonly used keystore creating, importing, and checking commands for the Java Keytool platform.
Join the DZone community and get the full member experience.
Join For FreeJava Keytool Keystore Commands
The platform that manages the private keys and certificates is called Java Keytool. It has the ability through which public/private keys and certificate manage in addition to caching certificates. The storing place of keys and certificates is named by Java as Keystore. Java Keystore represents a file. The private keys are protected with a password in Keystore. The chain of trust and primary certificate trustworthiness is established by Keytool Keystore that is necessary to protect the private keys and certificates.
A unique alias is associated with each certificate in Java Keystore. First, you have to create a .jks file that will initially consist of only private keys. After that, CSR needs to be generated from which certificate will be generated. Then the certificate should be imported into the Keystore including root certificates. There are various functions that are performed by the Java Keytool like viewing of certificate details or a list of certificates consist of export a certificate.
What is Java Keytool Keystore
This is a platform that stores the private keys and certificates, which is important for the chain of trust and primary certificate authentication. This creation of a domain takes the place of a primary certificate.
Java Keytool Commands for Creating and Importing
Letâs start with the most basic and generate commands on how to import keys and certificates.
Java Keystore and Keypair Generation
keytool âgenkey âalias mydomain âkeyalg RSA âkeystorekeystore.jks âkeysize 2048
CSR (Certificate Signing Request) Generation for an Existing Java Keystore
keytool âcertreg âalias mydomain âkeystorekeystore.jks âfile mydomain.csr
Importing Root or Intermediate Certificate to an Existing Java Keystore
keytool âimport âtrustcacerts âalias root âfile Thawte.crt âkeystorekeystore.jks
Importing of Signed Primary Certificate to an Existing Java Keystore
keytool âimport âtrustcacerts âalias mydomain âfile mydomain.crt âkeystorekeystore.jks
Keystore and Self-signed Certificate Generation
keytool âgenkey âkeyalg RSA âalias selfsignedâkeystorekeystore.jksâstorepass password âvalidity 360 âkeysize 2048
Java Keytool Commands for Checking
Use the below commands if you want to check the information contained in a certificate.
Stand-alone Certificate
keytool âprintcert âv âfile mydomain.crt
Java Keystore Certificate Check
keytool âlist âv âkeystorekeystore.jks
Check a Particular Keystore Entry Using an Alias
keytool âlist âv âkeystorekeystore.jks âalias mydomain
Other Java Keytool Commands
Certificate Delete from Java Keytool Keystore
keytool âdelete âalias mydomain âkeystorekeystore.jks
Java Keystore Password Change
keytool âstorepasswd ânew new_storepass âkeystorekeystore.jks
Export Certificate From a Keystore
keytool âexport âalias mydomain âfile mydomain.crt âkeystorekeystore.jks
Trusted CA Certs List
keytool âlist âv âkeystore $JAVA_HOME/jre/lib/security/cacerts
New CA Import into Trusted Certs
keytool âimport âtrustcacerts âfile /path/to/ca/ca.pem âalias CA_ALIAS âkeystore $JAVA_HOME/jre/lib/security/cacerts
Published at DZone with permission of Crumb Peter. See the original article here.
Opinions expressed by DZone contributors are their own.
Related
-
How to Modify Java Command-Line Arguments
-
JGit Library Examples in Java
-
Quickly Find Your Java Application Process ID
-
How to Kill Processes in Unix/Linux