Commonly Used Java Keytool Keystore Commands


Java Keytool is a key and certificate management utility. It lets users manage their own public/private key pairs and certificates, and also lets them cache certificates. Java Keytool stores the keys and certificates in what is known as a keystore. By default the Java keystore is implemented as a file, and it protects private keys with a password. A Keytool keystore contains the private key and any certificates needed to complete a chain of trust and establish the trustworthiness of the primary certificate. Every certificate in a Java keystore is associated with a unique alias. When creating a Java keystore, you first create the .jks file, which initially contains only the private key. You then generate a CSR and have a certificate generated from it.
Java Keytool Keystore Commands

In this article I have listed the most common Java Keytool keystore commands:

Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates.

Generate a Java keystore and key pair

# keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

Generate a CSR for an existing Java keystore

# keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

Import a root or intermediate CA certificate to an existing Java keystore

# keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

Import a signed primary certificate to an existing Java keystore

# keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

Generate a keystore and self-signed certificate

# keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

Check a stand-alone certificate

# keytool -printcert -v -file mydomain.crt

Check which certificates are in a Java keystore

# keytool -list -v -keystore keystore.jks

Check a particular keystore entry using an alias

# keytool -list -v -keystore keystore.jks -alias mydomain
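
The listing commands above print one block of fields per alias. As an added example (not from the original article), the shell function below reads that output and flags key entries that are still self-signed because no CA reply was imported, SHA-1 or MD5 signatures, and RSA keys under 2048 bits. The function names and sample data are constructed for illustration, and the parser assumes keytool's English field labels.

```shell
# Added example (illustrative names): audit `keytool -list -v` output; assumes English labels.
audit_keystore_listing() {
  awk '
    function emit(   notes) {
      if (alias == "") return
      notes = ""
      # A key entry whose leaf is its own issuer never received a CA reply.
      if (type == "PrivateKeyEntry" && owner == issuer) notes = notes " self-signed"
      if (sig ~ /^(SHA1|MD5)with/) notes = notes " weak-signature"
      if (key ~ /RSA/ && key + 0 < 2048) notes = notes " short-rsa-key"
      if (notes == "") notes = " ok"
      print alias ": " type ":" notes
    }
    /^Alias name: / { emit(); alias = substr($0, 13); type = owner = issuer = sig = key = "" }
    /^Entry type: / { type = substr($0, 13) }
    # Keep only the first certificate per alias: Certificate[1] is the leaf.
    /^Owner: /  && owner == ""  { owner = substr($0, 8) }
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    /^Signature algorithm name: / && sig == "" { sig = substr($0, 27) }
    /^Subject Public Key Algorithm: / && key == "" { key = substr($0, 31) }
    END { emit() }
  '
}
# Constructed sample, abridged to the fields read above (not a real keystore).
sample_listing() {
  cat <<'EOF'
Alias name: mydomain
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Test CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Certificate[2]:
Owner: CN=Example Test CA
Issuer: CN=Example Test CA
Alias name: selfsigned
Entry type: PrivateKeyEntry
Owner: CN=legacy.example.test
Issuer: CN=legacy.example.test
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Test CA
Issuer: CN=Example Test CA
EOF
}
sample_listing | audit_keystore_listing
```

To audit a real keystore, pipe the output of `keytool -list -v -keystore keystore.jks` into `audit_keystore_listing`.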

Other Java Keytool Commands

Delete a certificate from a Java Keytool keystore

# keytool -delete -alias mydomain -keystore keystore.jks

Change a Java keystore password

# keytool -storepasswd -new new_storepass -keystore keystore.jks

Export a certificate from a keystore

# keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

List Trusted CA Certs

# keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Import New CA into Trusted Certs

# keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

Enjoy it!
