Managing Keystores and Truststores
Use the following keytool commands for common tasks involving keystores and truststores in the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud).
- Create a truststore and add certificates.
  - Create a copy of the default truststore:

        cp "<java installation path>/lib/security/cacerts" "/opt/oracle/mce/conf/ssl/osdmc.jks"

  - Import certificates into the new truststore:

        keytool -import -trustcacerts -alias example-ca-cert1.pem \
          -file /opt/mce/conf/ssl/example-ca-cert1.pem \
          -keystore /opt/mce/conf/ssl/osdmc.jks -storepass <password>

    Point -keystore at the truststore copy created in the previous step. Repeat the command for each additional certificate, giving each one a unique alias.

- Delete a certificate from a keystore or truststore:

      keytool -delete -alias <alias> -keystore <keystore-file>

  For example:

      keytool -delete -alias <alias> -keystore ACPKeyAndCertStore

- Change the keystore/truststore password:

      keytool -storepasswd -keystore <keystore-file>

  For example:

      /opt/mce/java/bin/keytool -storepasswd -keystore ACPKeyAndCertStore

- Create a new keystore and add certificates.
  - Create an empty keystore. Generate a temporary key pair to create the keystore file, then delete that entry:

        keytool -genkeypair -alias sample -keyalg RSA -keystore ACPKeyAndCertStore \
          -storepass <password> -dname "CN=Sample,OU=Sample,O=Sample,L=Sample,S=Sample,C=US"
        keytool -delete -keystore ACPKeyAndCertStore -storepass <password> -alias sample

  - Import device certificates:

        keytool -importcert -file <Device name>_CustomerCert.pem -keystore ACPKeyAndCertStore \
          -alias <alias> -storepass <password> -noprompt

  - List certificate aliases:

        keytool -list -keystore ACPKeyAndCertStore -v | grep Alias

- List certificates by alias name:

      keytool -list -keystore <keystore-file> -v | grep Alias

  Enter the keystore password when prompted. For example:

      /opt/mce/java/bin/keytool -list -keystore ACPKeyAndCertStore -v | grep Alias

- Export a certificate using its alias:

      keytool -exportcert -rfc -alias <alias> -keystore <keystore-file> -file <output-file>

  Enter the keystore password when prompted. For example:

      /opt/mce/java/bin/keytool -exportcert -rfc -alias <alias> \
        -keystore /opt/mce/Transport/tls/ACPKeyAndCertStore -file cacert.pem

- Get certificate details by alias:

      keytool -list -v -keystore <keystore-file> -alias <alias>

  This displays detailed certificate information, such as validity dates, fingerprints, owner, issuer, and extensions. For example:

      /opt/mce/java/bin/keytool -list -v -keystore ACPKeyAndCertStore -alias <alias>
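
The truststore above starts as a copy of the JDK's cacerts, and device certificates are imported with -noprompt, so it is worth reviewing what a store actually trusts. The following is an added example, not part of Oracle's documentation: it parses `keytool -list -v` output and prints every alias whose SHA-256 fingerprint is not on an approved list. The function names, the sample listing, and the allowlist format are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): flag truststore entries whose SHA-256
# fingerprint is not on an approved list. Input is `keytool -list -v` output.

TAB=$(printf '\t')

# Constructed sample listing; aliases and shortened fingerprints are made up.
SAMPLE_LISTING='Keystore type: PKCS12
Your keystore contains 2 entries

Alias name: example-ca-cert1.pem
Entry type: trustedCertEntry
Owner: CN=Example CA 1
Certificate fingerprints:
     SHA1: 11:22:33
     SHA256: AA:BB:CC:01
Signature algorithm name: SHA256withRSA

Alias name: unexpected-ca
Entry type: trustedCertEntry
Owner: CN=Unknown CA
Certificate fingerprints:
     SHA1: 44:55:66
     SHA256: DE:AD:BE:EF
Signature algorithm name: SHA256withRSA'

# Print "alias<TAB>SHA256" (colons stripped, upper case) for each certificate.
alias_fingerprints() {
  awk '
    /^Alias name: /   { alias = substr($0, 13) }
    /^[ \t]*SHA256: / { fp = $0; sub(/^[ \t]*SHA256: /, "", fp)
                        gsub(/:/, "", fp); print alias "\t" toupper(fp) }'
}

# $1: approved fingerprints, one per line (colons and case are ignored).
# Reads a listing on stdin and prints every alias that is not approved.
unapproved_aliases() {
  ua_approved=$(printf '%s\n' "$1" | tr -d ': \t' | tr 'a-f' 'A-F')
  alias_fingerprints | while IFS="$TAB" read -r ua_alias ua_fp; do
    printf '%s\n' "$ua_approved" | grep -qxF -- "$ua_fp" ||
      printf '%s\n' "$ua_alias"
  done
}

# Demo on the constructed sample; prints: unexpected-ca
printf '%s\n' "$SAMPLE_LISTING" | unapproved_aliases "aa:bb:cc:01"
```

On a live system, pipe the output of `keytool -list -v -keystore <keystore-file>` into `unapproved_aliases` and pass the approved fingerprints as its argument.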