Open a console/command prompt (in admin mode if on windows), ‘cd’ to your JDK’s bin directory (if you do not have the JDK’s bin setup in your PATH) and run following command:
NOTE – Following command was named -genkey in previous releases. This old name is still supported in this release and will be supported in future releases, but for clarify the new name, -genkeypair, is preferred going forward.
| keytool -import -alias test-cert -file test-key.cer -keystore test-truststore | |
| Enter keystore password: test-truststore-pwd | |
| Re-enter new password: test-truststore-pwd | |
| Owner: CN=test-first-last-name, OU=test-ou-name, O=test-org-name, L=test-city, ST=test-state, C=US | |
| Issuer: CN=test-first-last-name, OU=test-ou-name, O=test-org-name, L=test-city, ST=test-state, C=US | |
| Serial number: 51cafd4e | |
| Valid from: Wed Jun 26 10:40:14 EDT 2013 until: Tue Sep 24 10:40:14 EDT 2013 | |
| Certificate fingerprints: | |
| MD5: D3:FD:A9:15:1D:74:A0:C9:8D:E7:62:69:D1:F7:E0:B6 | |
| SHA1: 45:33:D5:EB:AB:50:9A:FB:FB:02:A4:9A:2F:5B:18:1A:CD:7A:75:62 | |
| Signature algorithm name: SHA1withRSA | |
| Version: 3 | |
| Trust this certificate? [no]: yes | |
| Certificate was added to keystore |
Once you run above command, it will create a new keystore (if not already exists) at following location:
Windows : %JAVA_HOME%\bin\test-keystore
Linux/Mac/Solaris : $Java_HOME/bin/test-keystore
To make sure the key generated above is saved in the newly created keystore, run following command:
NOTE that I’ve used the same keystore password for the key as well and I did that intentionally because not all SSL clients allows you to specify a different password for the key and the keystore.
| keytool -list -v -keystore test-keystore | |
| Enter keystore password: test-keystore-pwd | |
| Keystore type: JKS | |
| Keystore provider: SUN | |
| Your keystore contains 1 entry | |
| Alias name: test-key | |
| Creation date: Jun 26, 2013 | |
| Entry type: PrivateKeyEntry | |
| Certificate chain length: 1 | |
| Certificate[1]: | |
| Owner: CN=test-first-last-name, OU=test-ou-name, O=test-org-name, L=test-city, ST=test-state, C=US | |
| Issuer: CN=test-first-last-name, OU=test-ou-name, O=test-org-name, L=test-city, ST=test-state, C=US | |
| Serial number: 51cafd4e | |
| Valid from: Wed Jun 26 10:40:14 EDT 2013 until: Tue Sep 24 10:40:14 EDT 2013 | |
| Certificate fingerprints: | |
| MD5: D3:FD:A9:15:1D:74:A0:C9:8D:E7:62:69:D1:F7:E0:B6 | |
| SHA1: 45:33:D5:EB:AB:50:9A:FB:FB:02:A4:9A:2F:5B:18:1A:CD:7A:75:62 | |
| Signature algorithm name: SHA1withRSA | |
| Version: 3 | |
| ******************************************* | |
| ******************************************* |
No comments:
Post a Comment