
List of Java Keytool Keystore Commands

Java KeyStore (JKS) is a repository of security certificates, and the Java Keytool is the certificate management utility used to store and manage the certificates in the Keystore. A JKS holds either authorization certificates or public key certificates alongside the private keys. When setting up the Java Keystore, you create the .jks file, which contains a private key. You then generate a CSR in order to obtain an SSL certificate. Apart from this, you can use the Keytool to perform several other actions on the Keystore, such as viewing certificate or key details.

So, we handpicked some of the best Java Keytool Keystore commands to help you in the process. If you are looking for them, this article is for you.

Each certificate in the Keystore is associated with a unique alias. You could also use the Portecle tool for easier Keystore management.
Be sure to replace placeholder terms such as “yourdomain” and the Keystore file name in the commands with your own values. Otherwise, the commands may not work.

Java Keytool Keystore Commands

Before we start with the Keytool commands, have a look at this video, which shows the Keytool command line in action. It will help you in the process.

Java Keytool Commands for Creating and Importing

These are some of the most used and essential Keytool commands for creating the Keystore file, generating a CSR for the certificate, and importing the certificates.

Generate Java Keystore and Key pair

Use this command in the Keytool to generate a Java Keystore and a key pair. The command generates a 2048-bit RSA key.

keytool -genkey -alias yourdomain -keyalg RSA -keystore keystore.jks -keysize 2048

Generate CSR for an existing Java Keystore

If you already have a Java Keystore and need to create a CSR for it, use this command.

keytool -certreq -alias yourdomain -keystore keystore.jks -file yourdomain.csr

Import intermediate or root CA Certificate to an existing Java Keystore

Make sure that you replace the Keystore file name with the correct one and the certificate name too.

keytool -import -trustcacerts -alias root -file certname.crt -keystore keystore.jks

Import a signed primary Certificate to the existing Java Keystore

keytool -import -trustcacerts -alias yourdomain -file yourdomain.crt -keystore keystore.jks
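The four steps above run end to end in the sketch below, which is an added example and not part of the original article. It assumes a throwaway local CA (created with `keytool -gencert`) standing in for the real certificate authority, constructed names and DNs, a hypothetical helper `kt`, and an exported `KS_PASS` variable read through `-storepass:env` so the password never appears on the command line.

```shell
#!/bin/sh
# Added example, not from the original page. Every name, DN and path is constructed.
# KS_PASS must be exported beforehand; -storepass:env keeps it out of argv and history.

kt() { keytool "$@" -storepass:env KS_PASS; }   # hypothetical helper

# Usage: issue_chain WORKDIR  -> prints the chain length of alias "yourdomain"
issue_chain() {
    dir=$1; ca="$dir/ca.jks"; ks="$dir/keystore.jks"
    {
        # Stand-in CA (replaces the real CA that would sign the CSR).
        kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
            -dname "CN=Constructed Test CA" -ext bc:c \
            -keypass:env KS_PASS -keystore "$ca" &&
        kt -exportcert -rfc -alias ca -file "$dir/ca.crt" -keystore "$ca" &&

        # 1. Key pair and keystore (-genkeypair is the current name of -genkey).
        kt -genkeypair -alias yourdomain -keyalg RSA -keysize 2048 \
            -dname "CN=yourdomain.example" \
            -keypass:env KS_PASS -keystore "$ks" &&

        # 2. CSR for the existing key pair.
        kt -certreq -alias yourdomain -file "$dir/yourdomain.csr" -keystore "$ks" &&

        # The CA signs the CSR (in production this happens at the CA, not locally).
        kt -gencert -rfc -alias ca -validity 30 -infile "$dir/yourdomain.csr" \
            -outfile "$dir/yourdomain.crt" -keystore "$ca" &&

        # 3. Import the CA certificate first, under its own alias.
        kt -importcert -noprompt -trustcacerts -alias root \
            -file "$dir/ca.crt" -keystore "$ks" &&

        # 4. Import the signed certificate under the SAME alias as the private key,
        #    so keytool replaces the self-signed placeholder and builds the chain.
        kt -importcert -trustcacerts -alias yourdomain \
            -file "$dir/yourdomain.crt" -keystore "$ks"
    } >&2 || return 1

    # 5. Check: chain length 2 means leaf + CA are attached to the private key entry.
    kt -list -v -alias yourdomain -keystore "$ks" |
        awk -F': ' '/^Certificate chain length/ { print $2 }'
}
```

If step 3 is skipped and the issuing CA is not otherwise trusted, step 4 fails because keytool cannot establish a chain from the reply.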

Generate Keystore and self-signed Certificate

If you want to create a Keystore and a self-signed certificate at the same time with a single command, use the following.

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking Purposes

As already mentioned, you can check the existing information in your Keystore with a few commands. Have a look at them.

Check a stand-alone Certificate

Use this command to check a stand-alone certificate in your Keystore. Make sure that you replace “yourdomain.crt” with the name of your certificate.

keytool -printcert -v -file yourdomain.crt

Check which Certificates are in the Java Keystore

keytool -list -v -keystore keystore.jks

Check a particular Keystore entry using the alias

keytool -list -v -keystore keystore.jks -alias yourdomain

Common Java Keytool Commands

These are some of the most commonly used Java Keytool commands for tasks such as deleting a certificate from the Keystore, changing the password, and importing or exporting data.

Delete a Certificate from the Keytool Keystore

Situations where you have to delete a certificate from the Keystore are common. To do this, use this Java Keytool command.

keytool -delete -alias yourdomain -keystore keystore.jks

Change the Java Keystore password

To ensure the security of your certificate and keys, it is good to change the Keystore password often. To do so, use this command in the Keytool.

keytool -storepasswd -new new_storepass -keystore keystore.jks

Export a Certificate from the Keystore

If you want to export an already created certificate from the Keystore for further use, this command can help.

keytool -export -alias yourdomain -file yourdomain.crt -keystore keystore.jks

List All Trusted CA Certificates

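To have a look at the list of trusted CA certificates in your Keystore, use this. The path shown is where the default trust store lives on Java 8 and earlier; on Java 9 and later the file is at $JAVA_HOME/lib/security/cacerts.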

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Import New CA (Certificate Authority) into Trusted Certs

If you have a new CA (Certificate Authority) to be included in the trusted CA list on the Keystore, use this command.

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

Actions in the Keytool should be taken with extreme caution. An incorrect or mistyped command may cause serious problems for your Keystore, certificate or other files. For example, if you mistype a command so that it matches the deletion command, your certificate will be deleted from the server or computer. So, make sure that everything is typed correctly before proceeding.

Also, make sure to replace the certificate names and the website addresses which we already mentioned above. If you have any questions or doubts regarding any of the above-listed commands in Keytool, feel free to reach us. We will always be happy to help you. Also be sure to check out the OpenSSL commands.
