Last active
January 14, 2018 17:51
-
-
Save Hendrik44/eb7d478ab6fd059757735ce0436a6f1b to your computer and use it in GitHub Desktop.
Java Keytool Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generate a Java keystore and key pair | |
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 | |
# Generate a certificate signing request (CSR) for an existing Java keystore | |
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr | |
# Import a root or intermediate CA certificate to an existing Java keystore | |
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks | |
# Import a signed primary certificate to an existing Java keystore | |
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks | |
# Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytoolfor more info) | |
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 | |
# check a stand-alone certificate | |
keytool -printcert -v -file mydomain.crt | |
# Check which certificates are in a Java keystore | |
keytool -list -v -keystore keystore.jks | |
#Check a particular keystore entry using an alias | |
keytool -list -v -keystore keystore.jks -alias mydomain | |
# Delete a certificate from a Java Keytool keystore | |
keytool -delete -alias mydomain -keystore keystore.jks | |
# Change a Java keystore password | |
keytool -storepasswd -new new_storepass -keystore keystore.jks | |
# Export a certificate from a keystore | |
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | |
# List Trusted CA Certs | |
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts | |
# Import New CA into Trusted Certs | |
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts | |
# ################################## | |
# import keys via p12 with keytool # | |
#################################### | |
cat cert_public_key.pem cert_private_key.pem >combined.pem | |
openssl pkcs12 -export -in combined.pem -out cert.p12 | |
# or on the fly but (update:) the privatekey must be first: | |
cat cert_private_key.pem cert_public_key.pem | openssl pkcs12 -export -out cert.p12 | |
# than import p12 via keytool | |
keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -destkeystore cert.jks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment