keytool is a key and certificate management utility used to create keys. It also manages a .keystore file containing private keys and the associated X.509 certificate chains authenticating the corresponding public keys, issues certificate requests (which you send to the appropriate CA), imports certificate replies (obtained from the contacted CA), designates public keys belonging to other parties as trusted, and generates a unique key alias for each keystore entry. There are two types of entries in a keystore:
A key entry holds sensitive cryptographic key information, stored in a protected format to prevent unauthorized access. Typically, a key stored in this type of entry is a secret or private key accompanied by a certificate chain for the corresponding public key.
A trusted certificate entry contains a single public key certificate belonging to another party. It is called a trusted certificate because the keystore owner trusts that the public key in the certificate indeed belongs to the identity named in the subject of the certificate. The issuer of the certificate vouches for this by signing the certificate.
To create a keystore and default key entry in .keystore, you must use keytool, available from the Java Development Kit (JDK), version 1.3.1 and above. For more details, see keytool — Key and Certificate Management Tool.
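The workflow described above, as an added example that is not part of the original documentation: it creates a key entry, writes a certificate request, imports another party's certificate as a trusted certificate entry, and lists both entry types. It uses the current keytool option names (-genkeypair, -exportcert, -importcert); every alias, distinguished name, file name and the password is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). All aliases, DNs, file names and
# the password below are constructed demo values.
# Usage: build_demo_keystore /empty/scratch/dir
#        list_entry_types /empty/scratch/dir/demo.keystore changeit-demo

build_demo_keystore() {
    dir=$1
    # Demo only: a password passed with -storepass is visible in the process
    # list and shell history. Omit it to be prompted interactively instead.
    pass='changeit-demo'
    ks="$dir/demo.keystore"

    # 1. Key entry: a private key plus a self-signed certificate (chain length 1).
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 90 \
        -dname 'CN=server.example.test, O=Example, C=US' \
        -keystore "$ks" -storepass "$pass" -keypass "$pass" || return 1

    # 2. Certificate request to send to a CA. The CA's reply would later be
    #    imported under the same alias with -importcert.
    keytool -certreq -alias server -file "$dir/server.csr" \
        -keystore "$ks" -storepass "$pass" || return 1

    # 3. Stand-in for another party: their key pair lives in their own
    #    keystore, and only the public certificate is exported.
    keytool -genkeypair -alias partner -keyalg RSA -keysize 2048 -validity 90 \
        -dname 'CN=partner.example.test, O=Partner, C=US' \
        -keystore "$dir/partner.keystore" -storepass "$pass" -keypass "$pass" || return 1
    keytool -exportcert -alias partner -rfc -file "$dir/partner.pem" \
        -keystore "$dir/partner.keystore" -storepass "$pass" || return 1

    # 4. Trusted certificate entry: import the partner's certificate.
    #    -noprompt skips the fingerprint confirmation so the demo runs
    #    unattended; for a real import, compare the fingerprint out of band.
    keytool -importcert -alias partner -file "$dir/partner.pem" -noprompt \
        -keystore "$ks" -storepass "$pass" || return 1
}

# Print one line per alias with its entry type
# (PrivateKeyEntry or trustedCertEntry in current JDKs).
list_entry_types() {
    keytool -list -keystore "$1" -storepass "$2" | grep 'Entry,'
}
```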