The following examples demonstrate usage related to certificate handling using JSSE tools:
Create a self-signed certificate in a keystore of type JKS using an RSA key algorithm. RSA is public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adelman, the inventors of the technology.
keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.pass} |
Another example of creating a certificate is shown in Generating a Certificate Using the keytool Utility.
Create a self-signed certificate in a keystore of type JKS using the default key algorithm.
keytool -genkey -noprompt -trustcacerts -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.pass} |
An example of signing a certificate is shown in Signing a Digital Certificate Using the keytool Utility
Display available certificates from a keystore of type JKS.
keytool -list -v -keystore ${keystore.file} -storepass ${keystore.pass} |
Display certificate information from a keystore of type JKS.
keytool -list -v -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass} |
Import an RFC/text-formatted certificate into a JKS store. Certificates are often stored using the printable encoding format defined by the Internet RFC (Request for Comments) 1421 standard instead of their binary encoding. This certificate format, also known as Base 64 encoding, facilitates exporting certificates to other applications by email or through some other mechanism.
keytool -import -noprompt -trustcacerts -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass} |
Export a certificate from a keystore of type JKS in PKCS7 format. The reply format defined by the Public Key Cryptography Standards #7, Cryptographic Message Syntax Standard, includes the supporting certificate chain in addition to the issued certificate.
keytool -export -noprompt -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass} |
Export a certificate from a keystore of type JKS in RFC/text format.
keytool -export -noprompt -rfc -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass} |
Delete a certificate from a keystore of type JKS.
keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass} |
Another example of deleting a certificate from a keystore is shown in Deleting a Certificate Using the keytool Utility