Created October 7, 2013 09:35
java keystore and certificate commands
What is in a keystore
=======================
keytool -list -v -keystore keystore-file.jks | less
=======================
Show the certificates presented by a website
=======================
openssl s_client -host internet.onprvp.fgov.be -port 443 -showcerts
=======================
Open a PKCS#12 (.p12) keystore
=======================
keytool -storetype pkcs12 -list -v -keystore keystore.p12 | less
=========================
Generate a Java keystore and key pair
=======================
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks
=========================
Generate a certificate signing request (CSR) for an existing Java keystore
=======================
keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr
=========================
Import a root or intermediate CA certificate to an existing Java keystore
=======================
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
=========================
Import a signed primary certificate to an existing Java keystore
=======================
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
=========================
Generate a keystore and self-signed certificate
=======================
keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 360
=========================
Check a stand-alone certificate
=======================
keytool -printcert -v -file mydomain.crt
=========================
Check which certificates are in a Java keystore
=======================
keytool -list -v -keystore keystore.jks
=========================
Check a particular keystore entry using an alias
=======================
keytool -list -v -keystore keystore.jks -alias mydomain
=========================
Delete a certificate from a Java Keytool keystore
=======================
keytool -delete -alias "mydomain" -keystore keystore.jks
=========================
Change a Java keystore password
=======================
keytool -storepasswd -new new_storepass -keystore keystore.jks
=========================
Export a certificate from a keystore
=======================
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
=========================
List trusted CA certs (path for Java 8 and earlier; on Java 9+ the file is $JAVA_HOME/lib/security/cacerts)
=======================
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
=========================
Import a new CA into the trusted certs (same path note as above)
=======================
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
=========================
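Added example (not part of the original gist): a small Python audit over the text printed by "keytool -list -v -keystore keystore.jks", flagging expired or soon-to-expire certificates, weak signature digests and self-signed key entries. The sample output is constructed, the function names are hypothetical, and English-locale keytool output is assumed.

```python
from datetime import datetime, timedelta
# Constructed sample of `keytool -list -v` output (English locale), trimmed to the audited fields.
SAMPLE = """\
Alias name: mydomain
Entry type: PrivateKeyEntry
Owner: CN=www.example.test, O=Example, C=BE
Issuer: CN=Example Test CA, O=Example, C=BE
Valid from: Mon Oct 07 09:35:00 CEST 2013 until: Thu Oct 02 09:35:00 CEST 2014
Signature algorithm name: SHA1withRSA
Alias name: selfsigned
Entry type: PrivateKeyEntry
Owner: CN=localhost, O=Example, C=BE
Issuer: CN=localhost, O=Example, C=BE
Valid from: Wed Jan 01 00:00:00 CET 2025 until: Fri Dec 31 00:00:00 CET 2032
Signature algorithm name: SHA256withRSA
"""
FIELDS = ("Entry type", "Owner", "Issuer", "Valid from", "Signature algorithm name")
WEAK_SIG = ("MD2", "MD5", "SHA1")  # digest prefixes treated as weak in this example

def parse_entries(text):
    """One dict per alias; setdefault keeps the first (leaf) certificate of a chain."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if key == "Alias name" and sep:
            entries.append({"alias": value})
        elif entries and key in FIELDS:
            entries[-1].setdefault(key, value)
    return entries

def not_after(entry):
    """Expiry as a naive datetime; the zone name (e.g. CEST) is dropped, so it is approximate."""
    t = entry["Valid from"].split(" until: ")[1].split()
    return datetime.strptime(" ".join(t[:4] + t[5:]), "%a %b %d %H:%M:%S %Y")

def audit(text, now, warn_days=30):
    """Return (alias, finding) pairs. Trusted roots are self-signed by design,
    so only PrivateKeyEntry items are checked for Owner == Issuer."""
    findings = []
    for e in parse_entries(text):
        if "Valid from" in e:
            left = not_after(e) - now
            if left < timedelta(days=warn_days):
                findings.append((e["alias"], "expired" if left < timedelta(0) else "expires soon"))
        if e.get("Signature algorithm name", "").upper().startswith(WEAK_SIG):
            findings.append((e["alias"], "weak signature"))
        if e.get("Entry type") == "PrivateKeyEntry" and e.get("Owner") == e.get("Issuer"):
            findings.append((e["alias"], "self-signed"))
    return findings
if __name__ == "__main__": print(audit(SAMPLE, datetime(2026, 1, 1)))
```

To audit a real keystore, pass the captured keytool output to audit() in place of SAMPLE, together with the current time.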