• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

  • Buy SSL Certificates
  • Blog
  • Java Keytool
  • OpenSSL
  • Certificate Decoder
  • Donate

Java Keytool – Commands and Tutorials

What is the Java Keytool?

The Java keytool is a command-line utility that allows you to manage a keystore. A keystore is a database of X.509 certificates, certificate chains, trust anchor or root certificates (truststore), and cryptographic asymmetric (public/private) and symmetric keys (secret).

Keystores are configured to be used for either authentication or as a truststore. A keystore can also be used to administer secret keys and passphrases and to cache certificates.

In more simple terms, a keystore is simply a file, protected by a password, containing keys and certificates.

Common Java keytool commands

  • Generate a certificate request to be sent (to a Certification Authority) for enrollment of a signed certificate
  • Change an alias of a keystore entry
  • Delete a certificate or key entry in a keystore
  • Export certificate from a keystore
  • Generate a key pair for asymmetric encryption
  • Generate a secret key for symmetric encryption
  • Generate a certificate from a certificate request or in other words, signing a certificate from a submitted CSR
  • Import a certificate and certificate chain and password into a keystore
  • Import another keystore into an existing keystore
  • Change a key password and keystore password
  • List entries in a keystore
  • Print certificate, Certificate Signing Request (CSR), and Certificate Revocation List (CRL) contents

See https://docs.oracle.com/javase/10/tools/keytool.htm#JSWOR-GUID-5990A2E4-78E3-47B7-AE75-6D1826259549 for the official java keytool documentation.

Primary Sidebar

Popular Posts

PKCS12

openssl s_client

Keytool

Keytool list

ECDSA vs RSA

OpenSSL

PKCS7

Certificate Decoder

Buy SSL Certificates

SSL/TLS Certificate Small Square (200 x 200)

Recent Posts

  • PKCS7
  • PKCS8 (PKCS #8)
  • keytool delete alias – How to delete an alias from a keystore
  • keytool alias -changealias – How to change a private key alias
  • SSL Certificate Expiration and SSL Certificate Renewal

Footer

  • Twitter
  • YouTube

Copyright © 2021 · Designed by North Flow Tech