Top 15 useful Keytool commands


Important Keytool commands for SSL Certificates

Keytool commands to Create or Import

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates should be imported before importing the primary certificate for your domain.

Generate a Java keystore and key pair:

keytool -genkey -alias techCruds -keyalg RSA -keystore techCrudsKeystore.jks -keysize 2048

Generate a certificate signing request (CSR) for an existing Java keystore:

keytool -certreq -alias techCruds -keystore techCrudsKeystore.jks -file techcruds.csr

Generate a keystore and self-signed certificate:

keytool -genkey -keyalg RSA -alias selfsigned -keystore techCruds_keystore.jks -storepass password -validity 360 -keysize 2048

Import an intermediate certificate:

keytool -import -alias intermediate -trustcacerts -file intermediate.pem -keystore techCrudsKeystore.jks

Import the root CA certificate:

keytool -import -alias root_ca -trustcacerts -file root_ca.pem -keystore techCrudsKeystore.jks

Commands to check

To check a stand-alone certificate:

keytool -printcert -v -file techCrudsDomain.crt

To list the certificates in a Java keystore:

keytool -list -v -keystore techCrudsKeystore.jks

To check a particular keystore entry using an alias:

keytool -list -v -keystore techCrudsKeystore.jks -alias techcruds

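To check the expiration dates of imported certificates:

keytool -list -v -keystore techCrudsKeystore.jks -storepass "techcruds" | grep until

Here, techcruds is the password of the .jks file. A password passed with -storepass ends up in shell history and the process list; omit the option and keytool prompts for it instead.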
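The `grep until` filter shows the dates but not which alias they belong to. The following is an added example, not part of the original article: a hypothetical `expiring_certs` function that pairs each "until:" date with its alias and prints only certificates expiring on or before a cutoff date. It assumes English-locale `keytool -list -v` output; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: names and sample data are illustrative, not from the article.
# expiring_certs CUTOFF
#   Reads `keytool -list -v` output on stdin and prints "alias<TAB>YYYY-MM-DD"
#   for every certificate whose "until:" date is on or before CUTOFF (YYYYMMDD).
# Real use (GNU date assumed for the +30 days arithmetic):
#   keytool -list -v -keystore techCrudsKeystore.jks |
#       expiring_certs "$(date -d '+30 days' +%Y%m%d)"
expiring_certs() {
    awk -v cutoff="$1" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= 12; i++) mon[m[i]] = i
    }
    /^Alias name: / { alias = substr($0, 13); next }
    /^Valid from: / {
        # Locate "until:"; the fields after it are: weekday month day time zone year.
        for (i = 1; i <= NF; i++) if ($i == "until:") break
        if (i > NF || !($(i + 2) in mon)) next   # unexpected layout or locale
        key = sprintf("%04d%02d%02d", $NF, mon[$(i + 2)], $(i + 3))
        if (key + 0 <= cutoff + 0)
            printf "%s\t%s-%s-%s\n", alias,
                   substr(key, 1, 4), substr(key, 5, 2), substr(key, 7, 2)
    }'
}

# Constructed, abbreviated sample of `keytool -list -v` output.
sample_listing() {
    cat <<'EOF'
Your keystore contains 3 entries

Alias name: techcruds
Entry type: PrivateKeyEntry
Valid from: Tue Dec 26 00:00:00 UTC 2023 until: Thu Dec 26 00:00:00 UTC 2024

Alias name: intermediate
Entry type: trustedCertEntry
Valid from: Fri Jan 31 00:00:00 UTC 2020 until: Fri Jan 31 00:00:00 UTC 2025

Alias name: root_ca
Entry type: trustedCertEntry
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Mon Jan 01 00:00:00 UTC 2035
EOF
}

# Demo on the constructed sample: lists techcruds and intermediate.
sample_listing | expiring_certs 20250131
```

For a keystore entry with a certificate chain, each certificate in the chain is reported under the same alias.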

Other Java Keytool Commands

To delete a certificate from a Java Keytool keystore:

keytool -delete -alias techcruds -keystore techCrudsKeystore.jks

To change a Java keystore password:

keytool -storepasswd -new new_storepass -keystore techCrudsKeystore.jks

To export a certificate from a keystore:

keytool -export -alias techcruds -file techcruds.crt -keystore techCrudsKeystore.jks

To list the trusted CA certificates:

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

To import a new CA into the trusted certificates:

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

To change the default alias name to a custom alias:

keytool -changealias -alias 1 -destalias ipaasesim -keystore techCrudsKeystore.jks
