Tuesday, July 4, 2017

Java Keytool Commands



Keytool is a very useful tool that ships with the JRE and JDK. It creates JKS (Java KeyStore) files, generates private keys and CSRs (Certificate Signing Requests), and converts a JKS file into a PKCS12 file.

Below are the steps to create an SSL certificate and get it signed by a CA:

  • Generate Key
  • Generate CSR
  • Validate the CSR
  • Submit the CSR to a Certificate Signing Authority (CA), for example Verisign, Symantec, GoDaddy, etc.
  • Add the public cert you are given (.p7b format) to the JKS file.

Below are various KEYTOOL commands which are very helpful


KEYTOOL COMMAND TO GENERATE PRIVATE KEY
**************************************************************
cd JDK_HOME\bin

keytool -genkey -alias <ALIAS_NAME> -keyalg RSA -keysize 2048 -keystore <JKS FILE COMPLETE PATH> -dname "CN=XXXXXXXXX,OU=YYYYY, O=ZZZZZZZZZ, L=AAAAA, ST=BBBBB, C=WWWW"


KEYTOOL COMMAND TO GENERATE CSR
******************************************
keytool -certreq -alias <ALIAS_NAME> -file <CSR FILE COMPLETE PATH> -keystore <JKS FILE ALONG WITH COMPLETE PATH>

Verify the CSR using the below link
******************************************
https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp


KEYTOOL COMMAND TO DISPLAY OR LIST OUT THE ENTRIES OF THE JKS FILE
*******************************************************************************
keytool -list -v -keystore <KEYSTORE FILE NAME WITH COMPLETE NAME> -storetype jks -storepass <PASSWORD>


KEYTOOL COMMAND TO ADD ENTRIES OF ONE JKS FILE TO ANOTHER JKS FILE
*******************************************************************************
keytool -importkeystore -srckeystore <SOURCE KEYSTORE> -destkeystore <DESTINATION KEYSTORE> -srcalias <SRC ALIAS> -destalias <DST ALIAS> -srcstorepass **** -deststorepass ****


KEYTOOL COMMAND TO CHANGE THE ALIAS OF AN ENTRY IN THE GIVEN JKS FILE
**********************************************************************
keytool -changealias -alias <CURRENT ALIAS> -destalias <DEST ALIAS> -keypass *********  -keystore <JKS FILE ALONG WITH COMPLETE PATH> -storepass *******


KEYTOOL COMMAND TO IMPORT THE SIGNED (PUBLIC) CERTIFICATE TO THE KEYSTORE
******************************************************************
keytool -import -trustcacerts -alias <ALIAS_NAME> -file <.P7B FILE COMPLETE PATH> -keystore <JKS FILE ALONG WITH COMPLETE PATH>


KEYTOOL COMMAND TO EXPORT CER FILE FROM JKS FILE
**********************************************************
keytool -export -keystore <JKS FILE ALONG WITH COMPLETE PATH> -alias <ALIAS-NAME> -file <CER FILE NAME>


KEYTOOL COMMAND TO CHANGE THE KEY PASSWORD OF AN ENTRY IN A JKS FILE
*********************************************************
keytool -keypasswd -keystore <JKS FILE ALONG WITH COMPLETE PATH> -alias <ALIAS-NAME>


KEYTOOL COMMAND TO CONVERT JKS to PKCS12
*************************************************
keytool -importkeystore -srckeystore <JKS FILE ALONG WITH COMPLETE PATH> -srcstoretype JKS -deststoretype PKCS12 -destkeystore <PKCS12 FILE ALONG WITH COMPLETE PATH>


NOTE: Values in <> are parameters and need to be substituted with the appropriate values.
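
The five steps listed at the top, run end to end offline, as an added example that is not part of the original post. A throwaway local key stands in for the CA (keytool -gencert), the CSR is checked locally with keytool -printcertreq, and passwords are passed with the :env modifier. All aliases, file names, DNs and the password are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Every alias, file name, DN and
# the password below is constructed; the "CA" is a throwaway local key.
set -eu

kt() { keytool -J-Duser.language=en "$@"; }

# Runs the whole flow in directory $1 and prints the final chain length.
csr_demo() (
    cd "$1"
    KS_PASS='demo-Passw0rd'; export KS_PASS
    # ":env" makes keytool read the password from the environment rather than
    # argv, so it is not visible in the process list ("-storepass <PASSWORD>" is).
    sp='-storepass:env KS_PASS'; kp='-keypass:env KS_PASS'
    {
        # Stand-in for the real CA, then the server key pair ("Generate Key").
        kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -ext bc=ca:true \
           -dname 'CN=Demo Test CA' -keystore ca.jks -storetype JKS $sp $kp
        kt -genkeypair -alias server -keyalg RSA -keysize 2048 \
           -dname 'CN=www.example.test,O=Example,C=US' \
           -keystore server.jks -storetype JKS $sp $kp
        # "Generate CSR"
        kt -certreq -alias server -file server.csr -keystore server.jks $sp $kp
        # "Validate the CSR" locally: abort unless the subject is as intended.
        kt -printcertreq -file server.csr | grep 'CN=www.example.test'
        # What the CA does with the CSR, plus the CA's own certificate.
        kt -gencert -alias ca -infile server.csr -outfile server.cer -rfc \
           -keystore ca.jks $sp $kp
        kt -exportcert -alias ca -file ca.cer -rfc -keystore ca.jks $sp
        # Trust the issuer first, then install the reply under the key's alias.
        kt -importcert -noprompt -alias ca -file ca.cer -keystore server.jks $sp
        kt -importcert -alias server -file server.cer -keystore server.jks $sp $kp
        # Convert JKS to PKCS12.
        kt -importkeystore -noprompt -srckeystore server.jks -srcstoretype JKS \
           -srcstorepass:env KS_PASS -destkeystore server.p12 \
           -deststoretype PKCS12 -deststorepass:env KS_PASS
    } >&2
    # Key entry should now carry server cert + CA cert.
    kt -list -v -alias server -keystore server.p12 -storetype PKCS12 $sp |
        sed -n 's/^Certificate chain length: //p'
)
# Usage: csr_demo "$(mktemp -d)"
```

The reply must be imported under the same alias as the private key; importing it under a new alias creates a separate trusted-certificate entry and leaves the key with its self-signed certificate.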

