Java keystore commands 

June 03, 2010 18:29:59    Last update: June 03, 2010 18:31:49
  1. Generate a private key and store it in the keystore. The keystore file theKeyStore.jks will be created if it does not exist. The default keystore file is $HOME/.keystore if the -keystore option is not given.
    keytool -genkey -alias myjavakey -keyalg RSA -keystore theKeyStore.jks
    


  2. Generate a private key with a self-signed certificate valid for 10 years. No -keystore option is given, so the default keystore is used.
    keytool -genkey -alias myjavakey -keyalg RSA -validity 3650
    


  3. List keys in the keystore.
    # short list
    keytool -list -keystore theKeyStore.jks
    
    # long list
    keytool -list -v -keystore theKeyStore.jks
    
    # show one key
    keytool -list -v -keystore theKeyStore.jks -alias myjavakey
    


  4. Create a certificate signing request (CSR).
    keytool -certreq -alias myjavakey -keystore theKeyStore.jks -file myjavakey.csr
    



It seems that the Java keytool utility can't sign third-party certificate signing requests (CSRs). We can use openssl to sign the certificate request created above.
  1. Generate the signing private key with openssl.
    # -aes256 passphrase-protects the key; the older -des (single DES) is not available by default in OpenSSL 3
    openssl genrsa -out openssl_ca.key -aes256 2048
    


  2. Generate self-signed certificate valid for 10 years.
    openssl req -new -key openssl_ca.key -x509 -days 3650 -out openssl_ca.crt
    


  3. Sign the Java CSR with one year validity.
    openssl x509 -req -in myjavakey.csr -CA openssl_ca.crt -CAkey openssl_ca.key \
    -out myjavakey.crt -days 365 -CAcreateserial -CAserial openssl_ca.seq
    


  4. View the signed certificate.
    keytool -printcert -file myjavakey.crt
    


  5. Import the signed certificate into another Java keystore.
    keytool -import -trustcacerts -alias myjavakey -file myjavakey.crt \
    -keystore anotherKeyStore.jks
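
The openssl signing steps above, run non-interactively and followed by a chain check before the certificate is imported anywhere. This is an added example, not part of the original post; the subject names and passphrase are constructed, and the CSR is generated with openssl req as a stand-in for the keytool CSR so the script runs without a JDK.

```shell
#!/bin/sh
# Added example: sign a CSR with a private CA and verify the result.
# Subject names and the passphrase are constructed sample values.

sign_and_verify() {
    dir=$(mktemp -d) || return 1
    pass='pass:sample-passphrase'   # constructed; prompt or use file: in practice

    # CA key (passphrase-protected with AES-256) and 10-year self-signed CA cert
    openssl genrsa -aes256 -passout "$pass" -out "$dir/openssl_ca.key" 2048 &&
    openssl req -new -x509 -key "$dir/openssl_ca.key" -passin "$pass" \
        -subj "/CN=Sample Private CA" -days 3650 -out "$dir/openssl_ca.crt" &&

    # Stand-in for myjavakey.csr: keytool -certreq emits the same PKCS#10 format
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/myjavakey.key" \
        -subj "/CN=myjavakey.example.test" -out "$dir/myjavakey.csr" &&

    # Sign for one year. x509 -req does not copy extensions requested in the
    # CSR; pass -extfile if the certificate needs any (for example a SAN).
    openssl x509 -req -in "$dir/myjavakey.csr" -CA "$dir/openssl_ca.crt" \
        -CAkey "$dir/openssl_ca.key" -passin "$pass" -days 365 \
        -CAcreateserial -CAserial "$dir/openssl_ca.seq" \
        -out "$dir/myjavakey.crt" &&

    # Show who issued it and when it expires, then check the chain
    openssl x509 -in "$dir/myjavakey.crt" -noout -issuer -subject -enddate >&2 &&
    openssl verify -CAfile "$dir/openssl_ca.crt" "$dir/myjavakey.crt"
    status=$?
    rm -rf "$dir"
    return "$status"
}
```

Calling sign_and_verify prints the verify result (ending in ": OK") and returns 0 only if the signed certificate chains to the CA certificate.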
    

