Keytool – Java
Dummy Certificate for Testing – Download
KeyTool Configuration and Generation
Configuration:
- Install Java JDK (any version) :
- You can find JDK from here to Download :
- https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
- Download JDK According to your Desired Operating System.
- You can find JDK from here to Download :
- Set Class path of Java in your System Environment Variable :
- Open Environment Variable Settings :
- Open My computer/This PCProperties in Windows
- Open Advance System Settings
- Select AdvanceTab
- Click Environment Variables..Button
- Find the path from bottom area of window
- Open path
- Press new Button
- Paste Your path herewhich you have copied before
- Press OK to finalize your configuration
- Restart Your System
- Example : Find the High Lighted to continue your setting
- Diagram :
- CMD :
- Must Open CMD as Administrator
- Start your Certificate
Certificate Generation:
- Keytool Checking
- Type keytool in cmd
- You will find all the tags of keytool to generate certificate
- If Keytool appear any error, then make sure you have installed JDK and Class path is correct.
- Generating and Deleting Certificate :
- Command to Generate Certificate:
- keytool -genkey -keyalg RSA -alias testCertificate -keystore selfsigned.jks -validity 365 -keysize 2048
- Enter keystore password:
- Re-enter new password:
- What is your first and last name?
- What is the name of your organizational unit?
- What is the name of your organization?
- What is the name of your City or Locality?
- What is the name of your State or Province?
- What is the two-letter country code for this unit?
- keytool -genkey -keyalg RSA -alias testCertificate -keystore selfsigned.jks -validity 365 -keysize 2048
- Command to Check Certificate :
- keytool -list -v -keystore selfsigned.jks
- To check list of your Certificate which is created.
- keytool -list -v -keystore selfsigned.jks
- Command to Delete Certificate :
- keytool -delete -alias testCertificate -keystore selfsigned.jks
- Enter keystore password:
- keytool -delete -alias testCertificate -keystore selfsigned.jks
- Command to Export Certificate :
- keytool -export -alias dummyTest -file mydomain.crt -keystore selfsigned.jks
- Command to Generate Certificate:
.
Key Tool Commands
Commands for Creating and Importing:
- Generate a Java keystore and key pair
- keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
- Generate a certificate signing request (CSR) for an existing Java keystore
- keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
- Import a root or intermediate CA certificate to an existing Java keystore
- keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
- Import a signed primary certificate to an existing Java keystore
- keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
- Generate a keystore and self-signed certificate
- keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Java Keytool Commands for Checking:
- Check a stand-alone certificate
- keytool -printcert -v -file mydomain.crt
- Check which certificates are in a Java keystore
- keytool -printcert -v -file mydomain.crt
- Check a particular keystore entry using an alias
- keytool -list -v -keystore keystore.jks -alias mydomain
Other Java Keytool Commands:
- Delete a certificate from a Java Keytool keystore
- keytool -delete -alias mydomain -keystore keystore.jks
- Change a Java keystore password
- keytool -storepasswd -new new_storepass -keystore keystore.jks
- Export a certificate from a keystore
- keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
- List Trusted CA Certs
- keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
- Import New CA into Trusted Certs
- keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts