-
Generate a Java keystore and key pair:
keytool -genkey -alias yourdomain -keyalg RSA -keystore /path/to/yourkeystore.jks -keysize 2048 -
Generate a certificate sigining request (CSR):
keytool -certreq -alias yourdomain -keystore /path/to/yourkeystore.jks -file yourdomain.csr -
Import a certificate into an existing Java keystore:
keytool -import -trustcacerts -alias smtp.gmail.com -file smtp.gmail.com.cert -keystore /path/to/yourkeystore.jks -
Generate a keystore and a self-signed certificate:
keytool -genkey -keyalg RSA -alias selfsigned -keystore yourkeystore.jks -storepass password -validity 365 -keysize 2048
-
Describe a certificate:
keytool -printcert -v -file yourdomain.cert -
List the certificates in the specified keystore:
keytool -list -v -keystore /path/to/yourkeystore.jks -
Find the certificate by alias in the specified keystore:
keytool -list -v -keystore /path/to/yourkeystore.jks -alias yourdomain -
Delete a certificate from the specified keystore:
keytool -delete -alias yourdomain -keystore /path/to/yourkeystore.jks -
Change the password of the specified keystore:
keytool -storepasswd -new newpass -keystore /path/to/yourkeystore.jks -
Export a certificate from the specified keystore:
keytool -export -alias yourdomain -file yourdomain.crt -keystore /path/to/yourkeystore.jks
Note:
- The default Java JVM keystore password is changeit
- The default Java JVM keystore to store trusted CA certificates is located at: $JAVA_HOME/jre/lib/security/cacerts (or /System/Library/Frameworks/JavaVM.framework//Versions/CurrentJDK/Home/lib/security/cacerts on Mac OS X)
No comments:
Post a Comment