The Most Common Java Keytool Keystore Commands
A full list of the most commonly used keystore creating, importing, and checking commands for the Java Keytool platform.
Join the DZone community and get the full member experience.Join For Free
Java Keytool Keystore Commands
The platform that manages the private keys and certificates is called Java Keytool. It has the ability through which public/private keys and certificate manage in addition to caching certificates. The storing place of keys and certificates is named by Java as Keystore. Java Keystore represents a file. The private keys are protected with a password in Keystore. The chain of trust and primary certificate trustworthiness is established by Keytool Keystore that is necessary to protect the private keys and certificates.
A unique alias is associated with each certificate in Java Keystore. First, you have to create a .jks file that will initially consist of only private keys. After that, CSR needs to be generated from which certificate will be generated. Then the certificate should be imported into the Keystore including root certificates. There are various functions that are performed by the Java Keytool like viewing of certificate details or a list of certificates consist of export a certificate.
What is Java Keytool Keystore
This is a platform that stores the private keys and certificates, which is important for the chain of trust and primary certificate authentication. This creation of a domain takes the place of a primary certificate.
Java Keytool Commands for Creating and Importing
Let’s start with the most basic and generate commands on how to import keys and certificates.
Java Keystore and Keypair Generation
keytool –genkey –alias mydomain –keyalg RSA –keystorekeystore.jks –keysize 2048
CSR (Certificate Signing Request) Generation for an Existing Java Keystore
keytool –certreg –alias mydomain –keystorekeystore.jks –file mydomain.csr
Importing Root or Intermediate Certificate to an Existing Java Keystore
keytool –import –trustcacerts –alias root –file Thawte.crt –keystorekeystore.jks
Importing of Signed Primary Certificate to an Existing Java Keystore
keytool –import –trustcacerts –alias mydomain –file mydomain.crt
Keystore and Self-signed Certificate Generation
keytool –genkey –keyalg RSA –alias selfsigned–keystorekeystore.jks–storepass
password –validity 360 –keysize 2048
Java Keytool Commands for Checking
Use the below commands if you want to check the information contained in a certificate.
keytool –printcert –v –file mydomain.crt
Java Keystore Certificate Check
keytool –list –v –keystorekeystore.jks
Check a Particular Keystore Entry Using an Alias
keytool –list –v –keystorekeystore.jks –alias mydomain
Other Java Keytool Commands
Certificate Delete from Java Keytool Keystore
keytool –delete –alias mydomain –keystorekeystore.jks
Java Keystore Password Change
keytool –storepasswd –new new_storepass –keystorekeystore.jks
Export Certificate From a Keystore
keytool –export –alias mydomain –file mydomain.crt –keystorekeystore.jks
Trusted CA Certs List
keytool –list –v –keystore $JAVA_HOME/jre/lib/security/cacerts
New CA Import into Trusted Certs
keytool –import –trustcacerts –file /path/to/ca/ca.pem –alias CA_ALIAS
Published at DZone with permission of Crumb Peter. See the original article here.
Opinions expressed by DZone contributors are their own.