To Create a CSR with keytool and Generate a SignedCertificate for the Certificate Signing Request
Perform the following operations from the command line.
Generate the Certificate Signing Request.
Generate a signed certificate for the associated Certificate SigningRequest.
Use the keytool to import the CA certificate into the client keystore.
Use the keytool to import the signed certificate for the associatedclient alias in the keystore.
Caution –The following error will be generated if there is no certificatechain in the client certificate.
This error is because the CA’s certificate was not imported intothe KeyStore first. You must import theCA's certificate (step 4), then import the client.cer file itself to forma certificate chain (step 5).
Now that we have a private key and an associating certificate chainin the KeyStore clientkeystore, we canuse it as a KeyStore for client (adapter)authentication. The only warning is that the CA certificate must be importedinto the trusted certificate store of the web server to which you will beconnecting. Moreover, the web server must be configured for client authentication(httpd.conf for Apache, for example).
Generate a Java key pair and keystore: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048. Generate a certificate signing request (CSR) for an existing Java keystore: keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr. Generate a keystore and self-signed certificate. Topic - (1) Using keytool to generate a public-private key pair. The first step in configuring a VT Display session for SSH client authentication using a public key is to use the keytool program to generate a public-private key pair. Keytool is a multipurpose utility program, included in the Java 2 Version 1.4 JRE and distributed with Host On-Demand, for managing keys. (Use keytool -list to see the contents of the keystore.) Make sure the certificate category is set to Identity. Upload the client certificate file in JKS format. Enter the keystore and key passwords used to create the JKS store. Keytool –printcert –v –file mydomain.crt. Java Keystore Certificate Check. Keytool –list –v –keystorekeystore.jks. Check a Particular Keystore Entry Using an Alias. While we create a Java keystore, we will first create the.jks file that will initially only contain the private key using the keytool utility. 1 keytool -genkey -keystore keystore.jks -alias ssl.
A full list of the most commonly used keystore creating, importing, and checking commands for the Java Keytool platform.
Join the DZone community and get the full member experience.
Join For FreeJava Keytool Keystore Commands
The platform that manages the private keys and certificates is called Java Keytool. It has the ability through which public/private keys and certificate manage in addition to caching certificates. The storing place of keys and certificates is named by Java as Keystore. Java Keystore represents a file. The private keys are protected with a password in Keystore. The chain of trust and primary certificate trustworthiness is established by Keytool Keystore that is necessary to protect the private keys and certificates.
A unique alias is associated with each certificate in Java Keystore. First, you have to create a .jks file that will initially consist of only private keys. After that, CSR needs to be generated from which certificate will be generated. Then the certificate should be imported into the Keystore including root certificates. There are various functions that are performed by the Java Keytool like viewing of certificate details or a list of certificates consist of export a certificate.
What is Java Keytool Keystore
This is a platform that stores the private keys and certificates, which is important for the chain of trust and primary certificate authentication. This creation of a domain takes the place of a primary certificate.
Java Keytool Commands for Creating and Importing
Let’s start with the most basic and generate commands on how to import keys and certificates.
Java Keystore and Keypair Generation
keytool –genkey –alias mydomain –keyalg RSA –keystorekeystore.jks –keysize 2048
CSR (Certificate Signing Request) Generation for an Existing Java Keystore
keytool –certreg –alias mydomain –keystorekeystore.jks –file mydomain.csr
Importing Root or Intermediate Certificate to an Existing Java Keystore
keytool –import –trustcacerts –alias root –file Thawte.crt –keystorekeystore.jks
Importing of Signed Primary Certificate to an Existing Java Keystore
keytool –import –trustcacerts –alias mydomain –file mydomain.crt
–keystorekeystore.jks
Keystore and Self-signed Certificate Generation
keytool –genkey –keyalg RSA –alias selfsigned–keystorekeystore.jks–storepass
password –validity 360 –keysize 2048
Keytool Import Crt
Java Keytool Commands for Checking
Use the below commands if you want to check the information contained in a certificate.
Stand-alone Certificate
keytool –printcert –v –file mydomain.crt
Java Keystore Certificate Check
keytool –list –v –keystorekeystore.jks
Check a Particular Keystore Entry Using an Alias
keytool –list –v –keystorekeystore.jks –alias mydomain
Other Java Keytool Commands
Certificate Delete from Java Keytool Keystore
keytool –delete –alias mydomain –keystorekeystore.jks
Keytool Create Jks
Java Keystore Password Change
keytool –storepasswd –new new_storepass –keystorekeystore.jks
Export Certificate From a Keystore
keytool –export –alias mydomain –file mydomain.crt –keystorekeystore.jks
Trusted CA Certs List
keytool –list –v –keystore $JAVA_HOME/jre/lib/security/cacerts
New CA Import into Trusted Certs
keytool –import –trustcacerts –file /path/to/ca/ca.pem –alias CA_ALIAS
–keystore $JAVA_HOME/jre/lib/security/cacerts
Published at DZone with permission of Crumb Peter. See the original article here.
Opinions expressed by DZone contributors are their own.