keytool简明用法
2012-10-23 15:30
316 查看
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. A Keytool keystore contains
the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it.
Then you will import the certificate to the keystore including any root certificates.
Below, we have listed the most common Java Keytool keystore commands and their usage:
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
Generate a Java keystore and key pair
Generate a certificate signing request (CSR) for an existing Java keystore
Import a root or intermediate CA certificate to an existing Java keystore
Import a signed primary certificate to an existing Java keystore
Generate a keystore and self-signed certificate
If you need to check the information within a certificate, or Java keystore, use these commands.
Check a stand-alone certificate
Check which certificates are in a Java keystore
Check a particular keystore entry using an alias
Delete a certificate from a Java Keytool keystore
Change a Java keystore password
Export a certificate from a keystore
List Trusted CA Certs
Import New CA into Trusted Certs
the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it.
Then you will import the certificate to the keystore including any root certificates.
Below, we have listed the most common Java Keytool keystore commands and their usage:
Java Keytool Commands for Creating and Importing
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks
Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr
Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
Generate a keystore and self-signed certificate
keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 360
Java Keytool Commands for Checking
If you need to check the information within a certificate, or Java keystore, use these commands.Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
Other Java Keytool Commands
Delete a certificate from a Java Keytool keystorekeytool -delete -alias "mydomain" -keystore keystore.jks
Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt
List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
FROM: http://nl.globalsign.com/en/support/ssl+certificates/java/java+based+webserver/keytool+commands/
相关文章推荐
- Python中 sys.argv[]的用法简明解释
- git超简明用法
- Java制作证书的工具keytool用法总结
- Java制作证书的工具keytool用法总结 (转载)
- keytool用法总结
- KeyTool的用法
- [源码管理] ubuntu中svn简明用法:服务器搭建+客户端使用
- keytool用法及说明
- ubantu Linux下安装vim&vim简明用法
- java加密解密--keytool 用法
- Java制作证书的工具keytool用法总结
- boost xpressive简明用法
- keytool 用法总结
- keytool 用法总结
- [C#] DataGridView简明用法
- emerge 的用法(简明笔记)
- java 数字证书keytool用法
- Python中 sys.argv[]的用法简明解释
- java keytool用法
- ubuntu中svn简明用法:服务器搭建+客户端使用