
Commonly used Java Keytool Keystore commands

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Java keytool is a key and certificate management tool. It lets users manage their own public/private key pairs and associated certificates for self-authentication (where a user authenticates to other users or services through digital signatures) and for data integrity and authentication services. It also lets users store the public keys of their communication peers, in the form of certificates.

1. Keytool create and import commands

Create keystore and key pair

Generate a Java keystore and key pair

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

Generate a certificate request file CSR for the existing keystore

Generate a certificate signing request (CSR) for an existing Java keystore

keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

Import a root certificate or intermediate certificate to keystore

Import a root or intermediate CA certificate to an existing Java keystore

keytool -import -trustcacerts -alias root -file mydomain.crt -keystore keystore.jks

Import SSL server certificate to keystore

Import a signed primary certificate to an existing Java keystore

keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

Generate a self-signed certificate for the existing keystore

Generate a keystore and self-signed certificate

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

2. Keytool view commands

View a single certificate

Check a stand-alone certificate

keytool -printcert -v -file mydomain.crt

List all certificates that exist in keystore

Check which certificates are in a Java keystore

keytool -list -v -keystore keystore.jks

Use an alias to view a specific keystore entry

Check a particular keystore entry using an alias

keytool -list -v -keystore keystore.jks -alias mydomain

3. Other keytool commands

Delete the specified certificate in keystore

Delete a certificate from a Java Keytool keystore

keytool -delete -alias mydomain -keystore keystore.jks

Change the keystore password

Change a Java keystore password

keytool -storepasswd -new new_storepass -keystore keystore.jks

Export the specified certificate in keystore

Export a certificate from a keystore

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

List trusted CA certificates

List Trusted CA Certs

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Import a new CA into the trusted certificates

Import New CA into Trusted Certs

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

Keytool introduction

Keytool is a tool for managing Java digital certificates. It stores keys and certificates in a file called a keystore. A keystore holds two kinds of entries: key entries, which contain a secret key or a private key with its paired public key (asymmetric encryption), and trusted certificate entries, which contain only a public key.

Description of common keytool parameters in the JDK (they differ between versions; for more information, see the official documentation link in [Appendix]):

-genkey: creates a default file ".keystore" in the user's home directory and generates an entry with the alias mykey, which contains the user's public key, private key, and certificate (if no location is specified, the keystore is placed in the user's system default directory)

-alias: specifies the alias to generate; each keystore entry is associated with this unique alias, which is usually case-insensitive

-keystore: specifies the name of the keystore (the generated information is then not written to the default .keystore file)

-keyalg: specifies the key algorithm (such as RSA or DSA; the default is DSA)

-validity: specifies how many days the created certificate is valid (default 90)

-keysize: specifies the key length (default 1024)

-storepass: specifies the keystore password (required to read keystore information)

-keypass: specifies the password of the alias entry (the private key password)

-dname: specifies the certificate issuer information, in the form "CN=first and last name, OU=organizational unit name, O=organization name, L=city or locality name, ST=state or province name, C=two-letter country code"

-list: displays the certificate information in the keystore
keytool -list -v -keystore <keystore> -storepass <password>

-v: displays certificate details in the keystore

-export: exports the certificate specified by the alias to a file
keytool -export -alias <alias to export> -keystore <keystore> -file <exported certificate location and name> -storepass <password>

-file: specifies the name of the file to export to

-delete: deletes an entry from the keystore
keytool -delete -alias <entry to delete> -keystore <keystore> -storepass <password>

-printcert: displays the information in an exported certificate
keytool -printcert -file g:\sso\michael.crt

-keypasswd: changes the password of the specified entry in the keystore
keytool -keypasswd -alias <alias to modify> -keypass <old password> -new <new password> -storepass <keystore password> -keystore sage

-storepasswd: changes the keystore password
keytool -storepasswd -keystore g:\sso\michael.keystore (keystore whose password is changed) -storepass pwdold (original password) -new pwdnew (new password)

-import: imports a signed digital certificate into the keystore
keytool -import -alias <alias of the imported entry> -keystore <keystore> -file <certificate to import>
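Added example (not part of the original article): keystores generated with the defaults listed above (DSA, 1024-bit keys) are weak by current standards, and `keytool -list -v` output can be screened for them. The sample listing is constructed and trimmed to the relevant fields; the function names and the 2048-bit threshold are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: flag weak entries in `keytool -list -v` output.
# sample_listing and audit_listing are hypothetical helper names.

# Constructed sample, trimmed to fields that `keytool -list -v` prints per entry.
sample_listing() {
cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Owner: CN=Example, OU=IT, O=Example Org, L=City, ST=State, C=US
Signature algorithm name: SHA1withDSA
Subject Public Key Algorithm: 1024-bit DSA key

Alias name: mydomain
Entry type: PrivateKeyEntry
Owner: CN=mydomain.example, OU=IT, O=Example Org, L=City, ST=State, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: selfsigned
Entry type: PrivateKeyEntry
Owner: CN=selfsigned.example, OU=IT, O=Example Org, L=City, ST=State, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}

# Reads a listing on stdin; prints one "alias: reason" line per finding.
audit_listing() {
  awk -v min_bits=2048 '
    /^Alias name: / { alias = substr($0, 13) }      # text after "Alias name: "
    /^Signature algorithm name: / {
      alg = $NF
      if (alg ~ /^(MD5|SHA1)with/) print alias ": weak signature algorithm " alg
    }
    /^Subject Public Key Algorithm: / {
      bits = $5; sub(/-bit$/, "", bits); type = $6  # e.g. "1024-bit" "RSA"
      if (type == "DSA") print alias ": DSA key"
      else if (type == "RSA" && bits + 0 < min_bits)
        print alias ": RSA key of " bits " bits"
    }
  '
}

sample_listing | audit_listing
```

Against a real keystore, pipe the output of `keytool -list -v -keystore keystore.jks` into audit_listing instead of the sample.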
