Keytool Operations: Difference between revisions
Jump to navigation
Jump to search
Line 33: | Line 33: | ||
-storepass somepass | -storepass somepass | ||
=Inspect | =<span id='Inspect_the_Certificate'></span>Inspect a Certificate= | ||
The [[Public_Key_Security#Certificate|certificate]] data can be displayed with: | The [[Public_Key_Security#Certificate|certificate]] data can be displayed with: |
Revision as of 17:49, 8 April 2018
External
- https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
Internal
Generate a Public/Private Key Pair
A key pair can be generated and placed in the keystore with the following command. The private key thus generated can be used in the procedure to generate digitally signed certificates.
keytool \ -genkeypair \ -alias jce-provider-signing-key \ -keyalg RSA \ -keysize 2048 \ -dname "cn=Nova Ordis LLC, ou=Java Software Code Signing, o=Sun Microsystems Inc" \ -keystore ./test-keystore.jks \ -storepass n7ejfh2jef234rBe
For more general considerations on private keys, see:
Generate a Certificate Signing Request
A certificate signing request can be generated with the following command. This step is part of the procedure to generate digitally signed certificates.
keytool \ -certreq \ -alias jce-provider-signing-key \ -file novaordis-jce-provider2.csr \ -keystore ./jce-provider-signing-keystore.jks \ -storepass somepass
Inspect a Certificate
The certificate data can be displayed with:
keytool -printcert -v -file ./test-cert.pem
It accepts certificates in PEM format.
Key Format Conversions
Native to PKCS#12
Keys in PKCS#12 format can be generated with:
keytool \ -importkeystore \ -srckeystore saml.keystore \ -destkeystore ./test-pvtkey.p12 \ -deststoretype PKCS12 \ -srcstorepass somepass \ -deststorepass someotherpass \ -srckeypass yetanotherpass \ -destkeypass someotherpass2 \ -srcalias myhostname