keytool
Differences
This shows you the differences between two versions of the page.
|
keytool [2011/04/28 06:45] k2patel |
keytool [2020/08/10 02:35] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Java Keytool ====== | ||
| - | ==== Java Keytool Commands for Creating and Importing ==== | ||
| - | |||
| - | |||
| - | These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain. | ||
| - | |||
| - | Generate a Java keystore and key pair | ||
| - | <code java> | ||
| - | keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 | ||
| - | </code> | ||
| - | |||
| - | Generate a certificate signing request (CSR) for an existing Java keystore | ||
| - | <code java> | ||
| - | keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr | ||
| - | </code> | ||
| - | |||
| - | Import a root or intermediate CA certificate to an existing Java keystore | ||
| - | <code java> | ||
| - | keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | Import a signed primary certificate to an existing Java keystore | ||
| - | <code java> | ||
| - | keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info) | ||
| - | <code java> | ||
| - | keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 | ||
| - | </code> | ||
| - | |||
| - | ==== Java Keytool Commands for Checking ==== | ||
| - | |||
| - | |||
| - | If you need to check the information within a certificate, or Java keystore, use these commands. | ||
| - | |||
| - | Check a stand-alone certificate | ||
| - | <code java> | ||
| - | keytool -printcert -v -file mydomain.crt | ||
| - | </code> | ||
| - | |||
| - | Check which certificates are in a Java keystore | ||
| - | <code java> | ||
| - | keytool -list -v -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | Check a particular keystore entry using an alias | ||
| - | <code java> | ||
| - | keytool -list -v -keystore keystore.jks -alias mydomain | ||
| - | </code> | ||
| - | |||
| - | ==== Other Java Keytool Commands ==== | ||
| - | |||
| - | |||
| - | Delete a certificate from a Java Keytool keystore | ||
| - | <code java> | ||
| - | keytool -delete -alias mydomain -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | Change a Java keystore password | ||
| - | <code java> | ||
| - | keytool -storepasswd -new new_storepass -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | Export a certificate from a keystore | ||
| - | <code java> | ||
| - | keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | ||
| - | </code> | ||
| - | |||
| - | List Trusted CA Certs | ||
| - | <code java> | ||
| - | keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
| - | </code> | ||
| - | |||
| - | Import New CA into Trusted Certs | ||
| - | <code java> | ||
| - | keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts | ||
| - | </code> | ||
keytool.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
