Java Keytool Commands: Create/Import Root & Intermediate Certificate
Java Keytool Commands to easily manage your SSL certificates
Java Keytool, a key and certificate management tool, is used for managing certificate key pairs and certificates. The keys and certificates are stored in the Java Keystore. Your keys are protected by means of a password so that any illegitimate entity doesn’t get hold of it. Java Keytool offers various other functions that make the certificate management much easier. However, you’d need to run Java Keytool commands in order to use these functions. That’s why we’ve come up with commands that will help you create and import your certificate in no time.
How to Generate Root & Intermediate by Java Keytool Commands
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Generate a certificate signing request (CSR) for an existing Java keystore:
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
Generate a keystore and self-signed certificate:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
How to Import Root & Intermediate by Java Keytool Commands
keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore keystore.jks
Import a root CA certificate to an existing Java keystore:
keytool -import -trustcacerts -alias root -file root.crt -keystore keystore.jks
Import a signed SSL primary certificate to an existing Java keystore:
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
How to Check Certificate Information by Java Keytool Commands
keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore:
keytool -list -v -keystore keystore.jks
Check a particular keystore entry using an alias:
keytool -list -v -keystore keystore.jks -alias mydomain
How to Change Keystore Type by Java Keytool Commands
keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore newjkskeystore.jks -deststoretype JKS
JKS keystore to PFX keystore:
keytool -importkeystore -srckeystore myjksfile.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore newpfxkeystore.pfx
Other Useful Java Keytool Commands
keytool -delete -alias mydomain -keystore keystore.jks
Change a Java keystore password:
keytool -storepasswd -new newstorepass -keystore keystore.jks
Export a certificate from a keystore:
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
List Trusted CA Certs:
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs:
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias mydomain -keystore $JAVA_HOME/jre/lib/security/cacerts
That was easy, wasn’t it? Well, most things are. We hope this blog helped you do whatever you were looking for. Don’t forget to give this blog your rating. And if you want to convert your certificate from one format to another, use our easy-to-use guide.
95%OFF
Comodo Positive SSL
78%OFF
RapidSSL Certificate
95%OFF