...
| 펼치기 |
|---|
- Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 - Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr - Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks - Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks - Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytoolfor more info)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
|
If you need to check the information within a certificate, or Java keystore, use these commands.
| 펼치기 |
|---|
- Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt - Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks - Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
|
Export a cert from one keystore to another as a trusted CA cert
| 펼치기 |
|---|
- Export the cert from the first keystore (it can be a cert/key pair or a trusted CA cert)
keytool -exportcert -rfc -keystore keystore1.jks -storepass changeit -alias aliastoexport -file aliastoexport.pem
- Import the cert into the second keystore
keytool -importcert -file aliastoexport.pem -keystore keystore2.jks -storepass changeit -alias aliastoexport -trustcacerts -noprompt
|
...