Last active
September 14, 2020 09:06
-
-
Save schneefisch/70471c310969312822c80e9da2f34558 to your computer and use it in GitHub Desktop.
Java keytool basic usage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # more shortcuts at https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html | |
| # list certificates included in a keystore | |
| keytool -list -v -keystore keystore.jks | |
| # with specific storetype: | |
| keytool -list -v -storetype jceks keystore.jks | |
| # check a specific certificate | |
| keytool -printcert -v -file mydomain.crt | |
| # check a specific keystore entry using the alias | |
| keytool -list -v -keystore keystore.jks -alias mydomain | |
| # export a certificate by alias from a keystore | |
| keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | |
| #### Import certificate into keytool | |
| # Copy the certificate into the directory Java_home\Jre\Lib\Security | |
| # Change your directory to Java_home\Jre\Lib\Security> | |
| # Import the certificate to a trust store. | |
| keytool -import -alias ca -file somecert.cer -keystore cacerts -storepass changeit [Return] | |
| Trust this certificate: [Yes] | |
| # import pkcs12 into existing jks | |
| keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS | |
| #### Export certificate from JKS to PKCS12 | |
| # export a certificate by alias from a keystore | |
| keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks | |
| # convert proprietary jks format to pkcs12 format which then | |
| # can be processed by openssl | |
| keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias <jkskeyalias> -deststorepass <password> -destkeypass <password> | |
| #### Convert Certificate from PFX to JKS | |
| # without alias | |
| keytool -importkeystore -srckeystore <keystore>.pfx -srcstoretype pkcs12 -destkeystore <new_keystore>.jks -deststoretype jks | |
| # with alias | |
| keytool -importkeystore -srckeystore <SRCKEYSTORENAME>.pfx -srcstoretype pkcs12 -srcalias <SRCALIAS> -destkeystore <DESTKEYSTORENAME>.jks -deststoretype jks -destalias <DESTALIAS> | |
| #### Delete | |
| # delete a certificate from the keystore | |
| keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass} | |
| #### Change Password | |
| keytool -storepasswd -keystore <keystore>.jks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment