Wednesday, November 28, 2012

Useful java Keytool Command

Generate a Java keystore and key pair :

keytool -genkey -alias mycert -keyalg RSA -keystore keystore.jks -keysize 1024
Generate a keystore and self-signed certificate :

 keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
keytool command to view certificate details from keyStore :

keytool -list -v -keystore keystore.jks

Check a particular keystore entry using an alias:
keytool -list -v -keystore keystore.jks -alias mydomain

keytool command option is -printcert which prints details of a certificate stored in .cer file :
keytool -printcert -file test.cer

Export a certificate from a keystore:
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
 keytool -export -alias mydomain -keypass keypass -keystore keystore.jks -storepass jkspass -rfc -file keytool_crt.pem

Note: "keytool -export" command uses DER format by default. The "-rfc" option is to change it to PEM (RFC 1421) format.