Keytool : Certification management utility for Java

August 2, 2014

Keytool is an SSL certificate management utility included in the JDK; it manages the Java KeyStore (JKS). A JKS is a repository of security certificates, either authorization certificates or public key certificates, used for instance in SSL encryption. Keytool also lets users manage their own public/private key pairs and certificates.


Creating a self signed certificate

    $ keytool -genkey -keyalg RSA -alias mycert -keystore keystore -storepass 123456 -validity 3650 -keysize 2048
    What is your first and last name?
    [Unknown]: Nataraj Basappa
    What is the name of your organizational unit?
    [Unknown]: Situp
    What is the name of your organization?
    [Unknown]: Sceneric Ltd
    What is the name of your City or Locality?
    [Unknown]: Newbury
    What is the name of your State or Province?
    [Unknown]: West Berkshire
    What is the two-letter country code for this unit?
    [Unknown]: GB
    Is CN=Nataraj Basappa, OU=Situp, O=Sceneric Ltd, L=Newbury, ST=West Berkshire, C=GB correct?
    [no]: yes
    Enter key password for <mycert>
    (RETURN if same as keystore password):
    Re-enter new password:

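The above command creates a self-signed certificate with 10-year validity (-validity 3650, in days) and stores it in a keystore file named “keystore”. The password 123456 is only a sample value; passing -storepass on the command line also leaves the password in shell history, and keytool prompts for it if the option is omitted.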

Note: If you are planning to use this JKS for Tomcat, make sure your certificate (key) password and keystore password are the same.

Exporting a certificate from a KeyStore

    $ keytool -export -alias mycert -file mycert.crt -keystore keystore
    Enter keystore password:
    Certificate stored in file <mycert.crt>

Note: Follow this link to import the generated certificate into the Windows keychain

Exporting a private key from a KeyStore

The command below exports the private key from the KeyStore and puts it in a PKCS12-format file. This can later be imported into an OpenSSL KeyStore if required. The resulting file contains the private key, so keep it readable only by its owner.

    $ keytool -importkeystore -srckeystore keystore -destkeystore intermediate.p12 -deststoretype PKCS12
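
The three steps above can also be run non-interactively. The script below is an added example, not part of the original post: it reads the password from an environment variable instead of the command line and then checks that the PKCS12 file really holds the same key entry. The variable name KS_PASS, the DN and the function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Assumptions: the password is
# exported as KS_PASS (6+ characters); the DN and function names are made up.
set -eu

# Steps 1-3 from the post: create the JKS keystore, export the certificate,
# copy the key entry into a PKCS12 file. Runs in a subshell so the umask and
# working directory do not leak into the caller.
make_keystores() (
    : "${KS_PASS:?export KS_PASS first}" &&
    umask 077 &&   # new keystore files are owner-only: they hold the private key
    cd "$1" &&
    # -storepass:env NAME reads the password from that environment variable,
    # keeping it out of argv (ps output) and shell history. -genkeypair and
    # -exportcert are the current names of -genkey and -export.
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 3650 \
        -alias mycert -dname "CN=example.test, O=Example, C=GB" \
        -storetype JKS -keystore keystore \
        -storepass:env KS_PASS -keypass:env KS_PASS &&
    keytool -exportcert -rfc -alias mycert -file mycert.crt \
        -keystore keystore -storepass:env KS_PASS &&
    keytool -importkeystore -noprompt \
        -srckeystore keystore -srcstoretype JKS -srcstorepass:env KS_PASS \
        -destkeystore intermediate.p12 -deststoretype PKCS12 \
        -deststorepass:env KS_PASS
)

# Verify the conversion: the PKCS12 file must contain a PrivateKeyEntry for
# mycert, and its certificate must be byte-identical to the exported mycert.crt.
check_p12() (
    cd "$1" &&
    keytool -list -alias mycert -storetype PKCS12 -keystore intermediate.p12 \
        -storepass:env KS_PASS | grep -q PrivateKeyEntry &&
    keytool -exportcert -rfc -alias mycert -storetype PKCS12 \
        -keystore intermediate.p12 -storepass:env KS_PASS -file p12.crt &&
    cmp -s mycert.crt p12.crt
)

# Usage: read -r KS_PASS; export KS_PASS
#        make_keystores /path/to/dir && check_p12 /path/to/dir
```

Using the same value for the key and keystore passwords matches the Tomcat note above.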

