Search This Blog

Java keytool command examples

  • Generate a Java keystore and key pair:
    keytool -genkey -alias yourdomain -keyalg RSA -keystore /path/to/yourkeystore.jks -keysize 2048
    
  • Generate a certificate sigining request (CSR):
    keytool -certreq -alias yourdomain -keystore /path/to/yourkeystore.jks -file yourdomain.csr
    
  • Import a certificate into an existing Java keystore:
    keytool -import -trustcacerts -alias smtp.gmail.com -file smtp.gmail.com.cert -keystore /path/to/yourkeystore.jks
    
  • Generate a keystore and a self-signed certificate:
    keytool -genkey -keyalg RSA -alias selfsigned -keystore yourkeystore.jks -storepass password -validity 365 -keysize 2048
    
  • Describe a certificate:
    keytool -printcert -v -file yourdomain.cert
    
  • List the certificates in the specified keystore:
    keytool -list -v -keystore /path/to/yourkeystore.jks
    
  • Find the certificate by alias in the specified keystore:
    keytool -list -v -keystore /path/to/yourkeystore.jks -alias yourdomain
    
  • Delete a certificate from the specified keystore:
    keytool -delete -alias yourdomain -keystore /path/to/yourkeystore.jks
    
  • Change the password of the specified keystore:
    keytool -storepasswd -new newpass -keystore /path/to/yourkeystore.jks
    
  • Export a certificate from the specified keystore:
    keytool -export -alias yourdomain -file yourdomain.crt -keystore /path/to/yourkeystore.jks
    

Note:

  • The default Java JVM keystore password is changeit
  • The default Java JVM keystore to store trusted CA certificates is located at: $JAVA_HOME/jre/lib/security/cacerts (or /System/Library/Frameworks/JavaVM.framework//Versions/CurrentJDK/Home/lib/security/cacerts on Mac OS X)



No comments:

Post a Comment