Useful Java Keytool Commands

Java provides a useful utility called Keytool, which manages public/private key pairs and certificates, caches certificates, and so on.

Keystore :
A keystore is the location, usually a file, where Java Keytool stores keys and certificates. It contains the private key and the certificates needed to complete a chain of trust and establish the trustworthiness of the primary certificate. The keystore is protected by a password.

We first need to generate a CSR and have a certificate issued from it. Then we import the certificates into the keystore.

Now let's see how to use the Java Keytool utility to generate a keystore, generate a CSR, create and delete certificates, etc.

1. Generating keystore and key pair :

keytool -genkey -alias [yourdomain] -keyalg RSA -keystore keystore.jks -keysize 2048

2. Generating CSR :
We can generate a CSR from an existing keystore.

keytool -certreq -alias [yourdomain] -keystore keystore.jks -file [yourdomain].csr

3. Commands to import certificates into the existing keystore:

Importing signed primary certificate

keytool -import -trustcacerts -alias [yourdomain] -file [yourdomain].crt -keystore keystore.jks

Importing root or intermediate CA certificates

keytool -import -trustcacerts -alias root -file [certificate].crt -keystore keystore.jks

Listing all keystore certificates :

keytool -list -v -keystore keystore.jks | more

Listing all cacerts certificates :

keytool -list -keystore [JRE PATH]\lib\security\cacerts | more

Deleting a certificate :

keytool -delete -alias [yourdomain] -keystore keystore.jks
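
The steps above as one non-interactive run, as an added example that is not part of the original post: a throwaway local CA (an assumption standing in for the real certificate authority) signs the CSR, and the script reports the certificate chain length before and after the signed certificate is imported. The aliases, file names, DNs and password are constructed test values; the password is passed with -storepass:env so it stays out of the process list, and the root is imported before the signed certificate so keytool can build the chain.

```shell
#!/bin/sh
# Added example, not from the original post. Aliases, DNs, file names and the
# password are constructed test values; the "CA" is a local throwaway key.
KS_PASS='constructed-demo-pass'; export KS_PASS   # read via :env, kept off argv

# English output so the parsing below does not depend on the locale.
kt() { keytool -J-Duser.language=en "$@" -storepass:env KS_PASS; }

chain_len() {
  kt -list -v -alias example.test -keystore keystore.jks |
    sed -n 's/^Certificate chain length: //p'
}

keystore_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  {
    # Throwaway CA standing in for the real certificate authority.
    kt -genkey -alias ca -keyalg RSA -keysize 2048 -dname "CN=Constructed Test CA" \
       -ext bc=ca:true -keystore ca.jks -keypass:env KS_PASS &&
    kt -export -alias ca -rfc -file ca.crt -keystore ca.jks &&
    # Steps 1 and 2 from the post, made non-interactive with -dname.
    kt -genkey -alias example.test -keyalg RSA -keysize 2048 -dname "CN=example.test" \
       -keystore keystore.jks -keypass:env KS_PASS &&
    kt -certreq -alias example.test -keystore keystore.jks -file example.test.csr
  } >&2 || { cd / && rm -rf "$dir"; exit 1; }
  before=$(chain_len)        # only the self-signed placeholder certificate
  {
    # The CA signs the CSR (normally done by the CA, not by you).
    kt -gencert -alias ca -keystore ca.jks -infile example.test.csr \
       -outfile example.test.crt -rfc &&
    # Root first: keytool can only chain the reply to certificates it trusts.
    kt -import -noprompt -trustcacerts -alias root -file ca.crt -keystore keystore.jks &&
    kt -import -noprompt -trustcacerts -alias example.test -file example.test.crt \
       -keystore keystore.jks
  } >&2 || { cd / && rm -rf "$dir"; exit 1; }
  after=$(chain_len)
  cd / && rm -rf "$dir"
  echo "before=$before after=$after"
)

# Run the walk-through when invoked as: sh keystore_demo.sh run
if [ "${1:-}" = run ]; then keystore_demo; fi
```

A chain length of 1 means the key entry still holds only its self-signed certificate; 2 means the signed certificate and the root were linked.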