Keytool Operations: Difference between revisions
Jump to navigation
Jump to search
Line 37: | Line 37: | ||
==Native to PKCS#12== | ==Native to PKCS#12== | ||
Keys in PKCS#12 format can be generated with: | |||
keytool \ | keytool \ |
Revision as of 05:40, 8 April 2018
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command:
keytool \ -genkeypair \ -alias jce-provider-signing-key \ -keyalg DSA \ -keysize 1024 \ -dname "cn=Nova Ordis LLC, ou=Java Software Code Signing, o=Sun Microsystems Inc" \ -keystore ./test-keystore.jks \ -storepass n7ejfh2jef234rBe
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command:
keytool -certreq -alias jce-provider-signing-key -file novaordis-jce-provider2.csr -keystore ./jce-provider-signing-keystore.jks -storepass n7ejfh2jef234rBe
Inspect the Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Key Format Conversions
Native to PKCS#12
Keys in PKCS#12 format can be generated with:
keytool \ -importkeystore \ -srckeystore saml.keystore \ -destkeystore ./test-pvtkey.p12 \ -deststoretype PKCS12 \ -srcstorepass somepass \ -deststorepass someotherpass \ -srckeypass yetanotherpass \ -destkeypass someotherpass2 \ -srcalias myhostname