Keytool Operations: Difference between revisions
Jump to navigation
Jump to search
| Line 33: | Line 33: | ||
It accepts certificates in [[Public_Key_Security#PEM|PEM]] format. | It accepts certificates in [[Public_Key_Security#PEM|PEM]] format. | ||
=Key Format Conversions= | |||
==Native to PKCS#12== | |||
keytool \ | |||
-importkeystore \ | |||
-srckeystore saml.keystore \ | |||
-destkeystore ./test-pvtkey.p12 \ | |||
-deststoretype PKCS12 \ | |||
-srcstorepass somepass \ | |||
-deststorepass someotherpass \ | |||
-srckeypass yetanotherpass \ | |||
-destkeypass someotherpass2 \ | |||
-srcalias myhostname | |||
Revision as of 05:39, 8 April 2018
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command:
keytool \ -genkeypair \ -alias jce-provider-signing-key \ -keyalg DSA \ -keysize 1024 \ -dname "cn=Nova Ordis LLC, ou=Java Software Code Signing, o=Sun Microsystems Inc" \ -keystore ./test-keystore.jks \ -storepass n7ejfh2jef234rBe
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command:
keytool -certreq -alias jce-provider-signing-key -file novaordis-jce-provider2.csr -keystore ./jce-provider-signing-keystore.jks -storepass n7ejfh2jef234rBe
Inspect the Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Key Format Conversions
Native to PKCS#12
keytool \ -importkeystore \ -srckeystore saml.keystore \ -destkeystore ./test-pvtkey.p12 \ -deststoretype PKCS12 \ -srcstorepass somepass \ -deststorepass someotherpass \ -srckeypass yetanotherpass \ -destkeypass someotherpass2 \ -srcalias myhostname