Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytoolfor more info).Import a signed primary certificate to an existing Java keystore keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks.Import a root or intermediate CA certificate to an existing Java keystore keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks.
Generate a certificate signing request (CSR) for an existing Java keystore keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr.Generate a Java keystore and key pair keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048.Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain. These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. If you need to buy a certificate, try to compare SSL with our SSL Wizard.īelow, we have listed the most common Java Keytool keystore commands and their usage: Java Keytool Commands for Creating and Importing Note: For easier management of your Java Keystores (using a GUI) check out Portecle. Java Keytool also several other functions that allow you to view the details of a certificate or list the certificates contained in a keystore or export a certificate. Then you will import the certificate to the keystore including any root certificates. You will then generate a CSR and have a certificate generated from it. jks file that will initially only contain the private key. When creating a Java keystore you will first create the. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.Įach certificate in a Java keystore is associated with a unique alias. It protects private keys with a password. By default the Java keystore is implemented as a file. Java Keytool stores the keys and certificates in what is called a keystore. It also allows users to cache certificates. It allows users to manage their own public/private key pairs and certificates. Java Keytool is a key and certificate management utility.