KeyTool – Java – Learning-Inz

Keytool – Java

Install Java JDK (any version) :
1. You can find JDK from here to Download :
  1. https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
  2. Download JDK According to your Desired Operating System.
Set Class path of Java in your System Environment Variable :
1. Pick jdk path where you installed.
2. Like: Copy Yellow High lighted Path from your computer
3. Diagram :
Open Environment Variable Settings :
1. Open My computer/This PCProperties in Windows
2. Open Advance System Settings
3. Select AdvanceTab
4. Click Environment Variables..Button
5. Find the path from bottom area of window
6. Open path
7. Press new Button
8. Paste Your path herewhich you have copied before
9. Press OK to finalize your configuration
10. Restart Your System
11. Example : Find the High Lighted to continue your setting
12. Diagram :
CMD :
1. Must Open CMD as Administrator
2. Start your Certificate

Keytool Checking
1. Type keytool in cmd
2. You will find all the tags of keytool to generate certificate
3. If Keytool appear any error, then make sure you have installed JDK and Class path is correct.
Generating and Deleting Certificate :
1. Command to Generate Certificate:
  1. keytool -genkey -keyalg RSA -alias testCertificate -keystore selfsigned.jks -validity 365 -keysize 2048
    1. Enter keystore password:
    2. Re-enter new password:
    3. What is your first and last name?
    4. What is the name of your organizational unit?
    5. What is the name of your organization?
    6. What is the name of your City or Locality?
    7. What is the name of your State or Province?
    8. What is the two-letter country code for this unit?
2. Command to Check Certificate :
  1. keytool -list -v -keystore selfsigned.jks
    1. To check list of your Certificate which is created.
3. Command to Delete Certificate :
  1. keytool -delete -alias testCertificate -keystore selfsigned.jks
    1. Enter keystore password:
4. Command to Export Certificate :
  1. keytool -export -alias dummyTest -file mydomain.crt -keystore selfsigned.jks

Generate a Java keystore and key pair
1. keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Generate a certificate signing request (CSR) for an existing Java keystore
1. keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
Import a root or intermediate CA certificate to an existing Java keystore
1. keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
Import a signed primary certificate to an existing Java keystore
1. keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
Generate a keystore and self-signed certificate
1. keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Check a stand-alone certificate
1. keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore
1. keytool -printcert -v -file mydomain.crt
Check a particular keystore entry using an alias
1. keytool -list -v -keystore keystore.jks -alias mydomain

Delete a certificate from a Java Keytool keystore
1. keytool -delete -alias mydomain -keystore keystore.jks
Change a Java keystore password
1. keytool -storepasswd -new new_storepass -keystore keystore.jks
Export a certificate from a keystore
1. keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
List Trusted CA Certs
1. keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs
1. keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts