Exploring Java Keytool Keystore and its Commands


A Practical Guide to Java Keytool Keystore Commands

Do you need a tool for managing your cryptographic keys and certificates that keeps the whole process simple and tidy? If so, look no further than Java Keytool.

So, what exactly is Java Keytool? It is a management tool that lets users manage keys and certificates. Certificates, along with their private and public keys, are stored in a “keystore.” Keytool also lets you view certificates, export them, or list all the certificates you have saved.

How to create a Java Keystore?

By following the steps mentioned below, you can create a Java Keystore:

  • Create a file with a .jks extension containing only the private key.
  • Generate a CSR.
  • Get a certificate issued based on the CSR.
  • Import the certificate into the keystore along with any associated roots and intermediates.

Let’s familiarize ourselves with some of the most basic Java Keytool commands in the next section of the article.

Java Keytool Commands

For a better understanding, let’s divide the commands into four categories:

  • Commands that you use for creating new Java Keytool files, CSR, etc.
  • Commands that you can use for importing.
  • Commands that you use to verify the information within a keystore or certificate.
  • Commands that you use for other activities: exporting a cert from a keystore, changing the keystore password, etc.

Commands that you use for creating new Java Keytool files, CSR, etc.

Case 1: To create a key pair and a keystore, use the following command:

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

Case 2: To create a CSR for an existing keystore, use the following command:

keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

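Case 3: To create a self-signed certificate and a keystore, use the following command. Replace password with your own value, and keep in mind that a password given on the command line is visible in shell history and in the process list: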

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Commands that you use for importing

Case 1: To import an intermediate certificate or a root certificate into an existing keystore, use the following command:

keytool -import -trustcacerts -alias root -file Sectigo.crt -keystore keystore.jks

Case 2: To import a signed primary certificate into an existing keystore, use the following command:

keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

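Case 3: To import a new CA into the trusted certs, use the following command. The cacerts path shown is the layout used up to Java 8; on Java 9 and later the file is at $JAVA_HOME/lib/security/cacerts: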

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

Commands that you use to verify the information within a keystore or certificate

Case 1: To check a stand-alone certificate, use the following command:

keytool -printcert -v -file mydomain.crt

Case 2: To check which certificates are present in the keystore, use the following command:

keytool -list -v -keystore keystore.jks

Case 3: To check a specific keystore entry by its alias, use the following command:

keytool -list -v -keystore keystore.jks -alias mydomain

Commands that you use for other activities: exporting a cert from a keystore, changing the keystore password, etc.

Case 1: To delete a certificate from the keystore, use the following command:

keytool -delete -alias mydomain -keystore keystore.jks

Case 2: To change the keystore password, use the following command:

keytool -storepasswd -new new_storepass -keystore keystore.jks

Case 3: To export a certificate from the keystore, use the following command:

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

Case 4: To list all the trusted CA certificates, use the following command:

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
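
The four keystore-creation steps listed earlier, run end to end with the commands above, as an added example that is not part of the original article. A throwaway local CA (ca.jks, signing with keytool -gencert) stands in for the issuing CA; the function names, CN values and password are constructed, and passwords are passed with -storepass:env instead of on the command line.

```shell
#!/bin/sh
# Added example (not from the article). ca.jks is a throwaway local CA that
# stands in for the real CA; CN values and the password are constructed.

# Every call reads the store password from the environment (-storepass:env),
# keeping it out of the process list and shell history.
kt() { keytool "$@" -storepass:env KS_PASS </dev/null >&2; }

build_keystore() {
    d=$1
    export KS_PASS='demo-only-passphrase'   # constructed; use a secret store in practice
    # Stand-in CA: self-signed key pair with BasicConstraints CA=true (-ext bc:c).
    kt -genkey -alias ca -keyalg RSA -keysize 2048 -validity 30 -ext bc:c \
       -dname 'CN=Demo Test CA' -keypass:env KS_PASS -keystore "$d/ca.jks" &&
    kt -export -rfc -alias ca -file "$d/ca.crt" -keystore "$d/ca.jks" &&
    # Step 1: key pair in keystore.jks (keytool wraps it in a temporary self-signed cert).
    kt -genkey -alias mydomain -keyalg RSA -keysize 2048 \
       -dname 'CN=mydomain.example' -keypass:env KS_PASS -keystore "$d/keystore.jks" &&
    # Step 2: CSR for that key.
    kt -certreq -alias mydomain -file "$d/mydomain.csr" -keystore "$d/keystore.jks" &&
    # Step 3: the CA issues the certificate (done by your CA in real life).
    kt -gencert -alias ca -rfc -validity 30 -ext san=dns:mydomain.example \
       -infile "$d/mydomain.csr" -outfile "$d/mydomain.crt" -keystore "$d/ca.jks" &&
    # Step 4: root first, then the signed reply under the SAME alias as the key,
    # so keytool can replace the self-signed cert with the chain reply -> root.
    kt -import -trustcacerts -noprompt -alias root -file "$d/ca.crt" \
       -keystore "$d/keystore.jks" &&
    kt -import -trustcacerts -noprompt -alias mydomain -file "$d/mydomain.crt" \
       -keystore "$d/keystore.jks"
}

# Number of certificates in the chain attached to the private key entry:
# 1 while still self-signed, 2 once the reply chains to the imported root.
chain_length() {
    keytool -list -rfc -alias mydomain -keystore "$1/keystore.jks" \
        -storepass:env KS_PASS </dev/null | grep -c 'BEGIN CERTIFICATE'
}
```

Call build_keystore "$(mktemp -d)" and then chain_length on the same directory; a result of 1 after the import means the reply did not chain to a trusted root in the keystore.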

Conclusion

In this article, we have discussed what Java Keytool Keystore is. We have also explored keytool commands allowing you to manage your private and public keys and certificates. If you have any queries related to the topic, please feel free to send your questions to us as comments. We will be happy to help.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
