Tuesday, April 1, 2014

Java Key Store Commands

Common Keytool Commands

The following table lists the keytool commands you use when creating and using JKS keystores with WebLogic Server.
 
Table: Commonly Used keytool Commands

Command: keytool -genkey -keystore keystorename -storepass keystorepassword
Description: Generates a new private key entry and self-signed digital certificate in a keystore. If the keystore does not exist, it is created.

Command: keytool -import -alias aliasforprivatekey -file privatekeyfilename.pem -keypass privatekeypassword -keystore keystorename -storepass keystorepassword
Description: Updates the self-signed digital certificate with one signed by a trusted CA.

Command: keytool -import -alias rootCA -trustcacerts -file RootCA.pem -keystore trust.jks -storepass keystorepassword
Command: keytool -import -alias intermediate -trustcacerts -file Intermediate.pem -keystore keystorename -storepass keystorepassword
Description: Creates a custom keystore to be used for holding an intermediate CA certificate.
  •  The first keytool command creates the keystore, trust.jks, which holds the root CA certificate.
  •  The second keytool command imports the intermediate CA certificate into trust.jks.
This enables WebLogic Server’s SSL implementation to transmit the intermediate certificate with the server’s public certificate to the client during the SSL handshake.

Command: keytool -import -alias aliasfortrustedca -trustcacerts -file trustedcafilename.pem -keystore keystorename -storepass keystorepassword
Description: Loads a trusted CA certificate into a keystore. If the keystore does not exist, it is created.

Command: keytool -certreq -alias alias -sigalg sigalg -file certreq_file -keypass privatekeypassword -storetype keystoretype -keystore keystorename -storepass keystorepassword
Description: Generates a Certificate Signing Request (CSR), using the PKCS#10 format, and a self-signed certificate with a private key. Stores the CSR in the specified certreq_file, and the certificate/private key pair as a key entry in the specified keystore under the specified alias.

Command: keytool -list -keystore keystorename
Description: Displays what is in the keystore.

Command: keytool -delete -keystore keystorename -storepass keystorepassword -alias privatekeyalias
Description: Deletes the entry identified by the specified alias from the keystore.

Command: keytool -help
Description: Provides online help for keytool.
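
The table's commands chained into one identity/trust keystore workflow, as an added example that is not part of the original post. It assumes a JDK `keytool` on the PATH. The options `-export`, `-gencert`, `-dname`, `-ext`, `-keyalg`, `-noprompt` and `-J`, the file names, aliases, DNs and password are additions not in the table, and a local `ca.jks` stands in for a real CA.

```shell
#!/bin/sh
# Added example. Aliases, file names, DNs and the password are constructed
# placeholders; ca.jks stands in for a real certificate authority.
PASS='demo-pass-123'
kt() { keytool -J-Duser.language=en "$@" >&2; }  # status text to stderr

# build_chain DIR: runs the workflow in DIR, prints the server chain length.
build_chain() (
  set -e
  cd "$1"
  # Stand-in CA key pair and its exported root certificate.
  kt -genkey -alias rootca -keyalg RSA -keysize 2048 -ext bc:c \
     -dname 'CN=Example Root CA' -keystore ca.jks \
     -storepass "$PASS" -keypass "$PASS"
  kt -export -alias rootca -rfc -file RootCA.pem \
     -keystore ca.jks -storepass "$PASS"
  # 1. Identity keystore: private key plus self-signed certificate.
  kt -genkey -alias server -keyalg RSA -keysize 2048 \
     -dname 'CN=server.example.test' -keystore identity.jks \
     -storepass "$PASS" -keypass "$PASS"
  # 2. PKCS#10 request for the existing key entry.
  kt -certreq -alias server -file server.csr -keystore identity.jks \
     -storepass "$PASS" -keypass "$PASS"
  # 3. The CA signs the request (done by the CA, not by the server admin).
  kt -gencert -alias rootca -infile server.csr -outfile server.pem -rfc \
     -keystore ca.jks -storepass "$PASS" -keypass "$PASS"
  # 4. Trust keystore holding the root CA certificate.
  kt -import -alias rootCA -trustcacerts -file RootCA.pem -noprompt \
     -keystore trust.jks -storepass "$PASS"
  # 5. The root must also be present in the identity keystore so the
  #    reply can be chained; then the reply replaces the self-signed cert.
  kt -import -alias rootCA -trustcacerts -file RootCA.pem -noprompt \
     -keystore identity.jks -storepass "$PASS"
  kt -import -alias server -file server.pem -keystore identity.jks \
     -storepass "$PASS" -keypass "$PASS"
  # 6. Verify: a CA-signed entry reports a chain length of 2, not 1.
  keytool -J-Duser.language=en -list -v -alias server \
     -keystore identity.jks -storepass "$PASS" |
     sed -n 's/^Certificate chain length: //p'
)

if [ "$#" -gt 0 ]; then build_chain "$1"; fi
```

Run it with an empty working directory as the only argument. Passing passwords on the command line exposes them in the process list and shell history, so outside a throwaway demo let keytool prompt for them.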

