java keytool - ghdrako/doc_snipets GitHub Wiki

keytool -keystore mycacerts -storepass changeit -importcert -file "C:\Users\cacerts.pem" -v
keytool -importcert -noprompt -keystore '/home/gke/deploy/acp-batch-ods-init-process-acp-TyPjEx/keystore.jks' -storepass '********' -file '/home/gke/deploy/acp-batch-ods-init-process-acp-TyPjEx/ODS_DB_KEY' -alias 'ODS_DB_KEY'  -storetype 'JKS'
keytool -keystore "E:\Program Files\Java\jdk1.6.0_11\jre\lib\security\cacerts" -list -storepass changeit
cd C:\Program Files\Java\jdk1.7.0_09\bin
keytool -exportcert -alias androiddebugkey -keystore "C:\Users\userName\.android\debug.keystore" -list -v

List the contents of your keystore file (including alias names)

keytool -v -list -keystore /path/to/keystore
keytool -list -cacerts
keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts"
keytool -v -list -keystore cacerts
keytool -v -list -keystore <FileName>.jks

Show only a specific alias

keytool -list -keystore /path/to/keystore -alias foo
keytool -list -v -keystore cacerts.jks | grep 'Alias name:' | grep -i foo
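The grep pipeline above prints only the matching `Alias name:` lines and drops the rest of each entry. The awk filter below is an added example, not part of the original wiki: it prints one line per alias with entry type, signature algorithm and expiry, and marks private-key entries and MD5/SHA-1 signatures for review. The function names, the `|`-separated output and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: one summary line per alias from `keytool -list -v` output.
summarize_keystore() {
  awk '
    function emit() {
      if (alias == "") return
      note = ""
      if (type == "PrivateKeyEntry") note = note " PRIVATE-KEY"
      if (sig ~ /^(MD5|SHA1)with/) note = note " WEAK-SIG"
      printf "%s|%s|%s|%s|%s\n", alias, type, sig, until, (note == "" ? "ok" : substr(note, 2))
      alias = ""
    }
    /^Alias name: / { emit(); alias = substr($0, 13); type = sig = until = "" }
    /^Entry type: / { type = substr($0, 13) }
    # For a key entry with a chain, keep the first (leaf) certificate only.
    /^Valid from: / && until == "" { until = $0; sub(/^.* until: /, "", until) }
    /^Signature algorithm name: / && sig == "" { sig = substr($0, 27) }
    END { emit() }
  '
}

# Constructed, abbreviated sample of a verbose listing (not a real keystore).
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: foo-root
Creation date: Jan 5, 2021
Entry type: trustedCertEntry

Owner: CN=Foo Root CA, O=Example
Issuer: CN=Foo Root CA, O=Example
Valid from: Tue Jan 05 10:00:00 UTC 2021 until: Fri Jan 05 10:00:00 UTC 2031
Signature algorithm name: SHA256withRSA

Alias name: legacy-foo
Creation date: Mar 2, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=legacy.example.test
Valid from: Fri Mar 02 09:00:00 UTC 2012 until: Mon Feb 28 09:00:00 UTC 2022
Signature algorithm name: SHA1withRSA
EOF
}
sample_listing | summarize_keystore
```

With a real keystore, pipe `keytool -list -v -keystore cacerts -storepass changeit` into `summarize_keystore` instead of the sample.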

KeyStore Explorer is an open-source visual tool for managing keystores.

Import certs to truststore

keytool -import -alias teiid -file public.cert -storetype JKS -keystore server.truststore
keytool -import -alias ca -file somecert.cer -keystore cacerts -storepass changeit

Import cert/key to keystore

Among free Oracle Java releases, only later versions of Java 8 (with keystore.type.compat set in java.security) can read both JKS and P12 keystores without specifying the type. By default, Java 7 and lower read only JKS, and Java 9 and higher only P12.

With your private key and public certificate, you need to create a PKCS12 keystore first, then convert it into a JKS.

  1. Create PKCS12 keystore from private key and public certificate.

openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] \
               -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] \
               -caname root

  2. Convert PKCS12 keystore into a JKS keystore

keytool -importkeystore -deststorepass [new_keystore_pass] \
        -destkeypass [new_key_pass] -destkeystore [keystore.jks] \
        -srckeystore [keystore.p12] -srcstoretype PKCS12 \
        -srcstorepass [pass_used_in_p12_keystore] \
        -alias [alias_used_in_p12_keystore]

You may skip the password in the first step and pass an empty source password in the second step, i.e. -srcstorepass ""
