What is the Java Keytool?
The Java keytool is a command-line utility for managing a keystore. A keystore is a database of X.509 certificates, certificate chains, trust anchor or root certificates (a truststore), asymmetric key pairs (public/private), and symmetric (secret) keys.
A keystore is configured to be used either for authentication or as a truststore. A keystore can also be used to administer secret keys and passphrases and to cache certificates.
In simpler terms, a keystore is a password-protected file containing keys and certificates.
Common Java keytool commands
- Generate a certificate request to send to a Certification Authority (CA) for enrollment of a signed certificate
- Change an alias of a keystore entry
- Delete a certificate or key entry in a keystore
- Export certificate from a keystore
- Generate a key pair for asymmetric encryption
- Generate a secret key for symmetric encryption
- Generate a certificate from a certificate request, in other words, sign a certificate from a submitted CSR
- Import a certificate, certificate chain, and password into a keystore
- Import another keystore into an existing keystore
- Change a key password and keystore password
- List entries in a keystore
- Print certificate, Certificate Signing Request (CSR), and Certificate Revocation List (CRL) contents
See https://docs.oracle.com/javase/10/tools/keytool.htm#JSWOR-GUID-5990A2E4-78E3-47B7-AE75-6D1826259549 for the official Java keytool documentation.
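Several of the tasks listed above, run end to end against a throwaway identity keystore and a separate truststore. This is an added example, not part of the original page; the aliases, file names, distinguished name, password and the choice of PKCS12 as the keystore type are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Aliases, file names, the DN and the password are constructed.
# The password is passed with -storepass:env so it is read from the environment
# and does not appear in the process list as a literal -storepass value would.
KS_PASS='constructed-demo-pass'; export KS_PASS

# ks <keystore-file> <keytool command and options...>
ks() {
    f=$1; shift
    keytool "$@" -keystore "$f" -storetype PKCS12 -storepass:env KS_PASS </dev/null
}

# entry_count <keystore-file> <entry-type>: number of entries of that type
entry_count() {
    ks "$1" -list 2>/dev/null | grep -c "$2"
}

# build_demo <empty-directory>: walk through the common commands
build_demo() {
    d=$1
    # Generate a key pair for asymmetric encryption (self-signed, 30 days)
    ks "$d/identity.p12" -genkeypair -alias demo -keyalg RSA -keysize 2048 \
        -dname "CN=demo.example.test" -validity 30 || return 1
    # Generate a certificate request (CSR) to send to a CA
    ks "$d/identity.p12" -certreq -alias demo -file "$d/demo.csr" || return 1
    # Export the certificate (public part only) in PEM form
    ks "$d/identity.p12" -exportcert -alias demo -rfc -file "$d/demo.pem" || return 1
    # Import it into a separate keystore used as a truststore
    ks "$d/trust.p12" -importcert -alias demo-anchor -file "$d/demo.pem" \
        -noprompt || return 1
    # Change the alias of a keystore entry
    ks "$d/identity.p12" -changealias -alias demo -destalias demo-renamed || return 1
    # Print CSR and certificate contents, then list both keystores
    keytool -printcertreq -file "$d/demo.csr" || return 1
    keytool -printcert -file "$d/demo.pem" || return 1
    ks "$d/identity.p12" -list && ks "$d/trust.p12" -list
}

# Usage: build_demo "$(mktemp -d)"
```

The identity keystore ends up holding one PrivateKeyEntry and the truststore one trustedCertEntry; only the identity keystore contains private key material, so it is the file whose password and filesystem permissions matter most.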