A keystore is the location, usually a file, where Java Keytool stores keys and certificates. It contains the private key and the certificates needed to complete a chain of trust and establish the trustworthiness of the primary certificate. The keystore is protected by a password.
We need to generate a CSR first and have a certificate generated from it. Then we need to import certificates to the keystore.
Now let's see how we can use the Java Keytool utility to generate a keystore, generate a CSR, create and delete certificates, etc.
1. Generating keystore and key pair:
keytool -genkey -alias [yourdomain] -keyalg RSA -keystore keystore.jks -keysize 2048
2. Generating CSR:
We can generate a CSR on an existing keystore.
keytool -certreq -alias [yourdomain] -keystore keystore.jks -file [yourdomain].csr
3. Commands to import certificates into the existing keystore:
Importing signed primary certificate
keytool -import -trustcacerts -alias [yourdomain] -file [yourdomain].crt -keystore keystore.jks
Importing root or intermediate CA certificates
keytool -import -trustcacerts -alias root -file [certificate].crt -keystore keystore.jks
Listing all keystore certificates:
keytool -list -v -keystore keystore.jks | more
Listing all cacerts certificates:
keytool -list -keystore [JRE PATH]\lib\security\cacerts | more
Deleting a certificate:
keytool -delete -alias [yourdomain] -keystore keystore.jks
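After step 3 it is worth confirming that the signed certificate replaced the self-signed one on the key entry, rather than landing as a separate trusted-certificate entry. The script below is an added example, not part of the original page: it classifies an alias from `keytool -list -v` output. The function names, the `KEYSTORE_PASS` variable and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# classify_entry: reads `keytool -list -v -alias NAME` output on stdin and
# prints one of: ok | short-chain | self-signed | cert-only | missing
classify_entry() {
    awk '
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $4 }
        # The first Owner/Issuer pair describes the leaf certificate.
        /^Owner: /  && owner  == ""   { owner  = substr($0, 8) }
        /^Issuer: / && issuer == ""   { issuer = substr($0, 9) }
        END {
            if (type == "")                     print "missing"
            else if (type != "PrivateKeyEntry") print "cert-only"
            else if (owner == issuer)           print "self-signed"
            else if (len + 0 < 2)               print "short-chain"
            else                                print "ok"
        }'
}

# check_alias KEYSTORE ALIAS: the password is read from the environment
# variable KEYSTORE_PASS (an assumed name) so it stays off the command line.
# -J-Duser.language=en keeps the labels the parser matches in English.
check_alias() {
    keytool -J-Duser.language=en -list -v -keystore "$1" -alias "$2" \
        -storepass:env KEYSTORE_PASS | classify_entry
}

# Constructed sample: the state right after step 1, before the signed
# certificate has been imported (the key entry still holds a self-signed cert).
sample_after_genkey() {
    cat <<'EOF'
Alias name: example.test
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example.test, O=Constructed, C=US
Issuer: CN=example.test, O=Constructed, C=US
EOF
}

sample_after_genkey | classify_entry    # prints: self-signed
```

Against a real keystore, run `check_alias keystore.jks [yourdomain]` with `KEYSTORE_PASS` exported; `cert-only` means the certificate was imported under an alias that has no private key.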