keytool
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
keytool [2011/04/28 06:42] k2patel created |
keytool [2011/04/28 06:45] k2patel |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| Generate a Java keystore and key pair | Generate a Java keystore and key pair | ||
| + | <code java> | ||
| keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 | keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 | ||
| + | </code> | ||
| Generate a certificate signing request (CSR) for an existing Java keystore | Generate a certificate signing request (CSR) for an existing Java keystore | ||
| + | <code java> | ||
| keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr | keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr | ||
| + | </code> | ||
| Import a root or intermediate CA certificate to an existing Java keystore | Import a root or intermediate CA certificate to an existing Java keystore | ||
| + | <code java> | ||
| keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks | keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks | ||
| + | </code> | ||
| Import a signed primary certificate to an existing Java keystore | Import a signed primary certificate to an existing Java keystore | ||
| + | <code java> | ||
| keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks | keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks | ||
| + | </code> | ||
| Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info) | Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info) | ||
| + | <code java> | ||
| keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 | keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 | ||
| + | </code> | ||
| ==== Java Keytool Commands for Checking ==== | ==== Java Keytool Commands for Checking ==== | ||
| Line 27: | Line 37: | ||
| Check a stand-alone certificate | Check a stand-alone certificate | ||
| + | <code java> | ||
| keytool -printcert -v -file mydomain.crt | keytool -printcert -v -file mydomain.crt | ||
| + | </code> | ||
| Check which certificates are in a Java keystore | Check which certificates are in a Java keystore | ||
| + | <code java> | ||
| keytool -list -v -keystore keystore.jks | keytool -list -v -keystore keystore.jks | ||
| + | </code> | ||
| Check a particular keystore entry using an alias | Check a particular keystore entry using an alias | ||
| + | <code java> | ||
| keytool -list -v -keystore keystore.jks -alias mydomain | keytool -list -v -keystore keystore.jks -alias mydomain | ||
| + | </code> | ||
| ==== Other Java Keytool Commands ==== | ==== Other Java Keytool Commands ==== | ||
| Line 39: | Line 55: | ||
| Delete a certificate from a Java Keytool keystore | Delete a certificate from a Java Keytool keystore | ||
| + | <code java> | ||
| keytool -delete -alias mydomain -keystore keystore.jks | keytool -delete -alias mydomain -keystore keystore.jks | ||
| + | </code> | ||
| Change a Java keystore password | Change a Java keystore password | ||
| + | <code java> | ||
| keytool -storepasswd -new new_storepass -keystore keystore.jks | keytool -storepasswd -new new_storepass -keystore keystore.jks | ||
| + | </code> | ||
| Export a certificate from a keystore | Export a certificate from a keystore | ||
| + | <code java> | ||
| keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | ||
| + | </code> | ||
| List Trusted CA Certs | List Trusted CA Certs | ||
| + | <code java> | ||
| keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
| + | </code> | ||
| Import New CA into Trusted Certs | Import New CA into Trusted Certs | ||
| + | <code java> | ||
| keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts | keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
| + | </code> | ||
keytool.txt ยท Last modified: 2011/04/28 06:45 by k2patel
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
