Create a self-signed certificate in a keystore of type JKS using the RSA key algorithm. RSA is
public-key encryption technology developed by RSA Data Security, Inc. The acronym
stands for Rivest, Shamir, and Adleman, the inventors of the technology.
keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias}
-dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file}
-storepass ${keystore.pass}
Another example of creating a certificate is shown in “Generating a Certificate Using the
keytool Utility” on page 114.
Create a self-signed certificate in a keystore of type JKS using the default key algorithm.
keytool -genkey -noprompt -trustcacerts -alias ${cert.alias} -dname
${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass
${keystore.pass}
An example of signing a certificate is shown in “Signing a Digital Certificate Using the
keytool Utility” on page 115.
Display available certificates from a keystore of type JKS.
keytool -list -v -keystore ${keystore.file} -storepass ${keystore.pass}
Displaycerticate information from a keystore of type JKS.
keytool -list -v -alias ${cert.alias} -keystore ${keystore.file}
-storepass ${keystore.pass}
Import an RFC/text-formatted certificate into a JKS store. Certificates are often stored using
the printable encoding format defined by the Internet RFC (Request for Comments) 1421
standard instead of their binary encoding. This certificate format, also known as Base 64
encoding, facilitates exporting certificates to other applications by email or through some
other mechanism.
keytool -import -noprompt -trustcacerts -alias ${cert.alias} -file
${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}
Exporta certicate from a keystore of type JKS in PKCS7 format. The reply format dened
bythe Public Key Cryptography Standards #7, Cryptographic Message Syntax Standard,
includesthe supporting certicate chain in addition to the issued certicate.
keytool -export -noprompt -alias ${cert.alias} -file ${cert.file}
-keystore ${keystore.file} -storepass ${keystore.pass}
Exporta certicate from a keystore of type JKS in RFC/text format.
keytool -export -noprompt -rfc -alias ${cert.alias} -file
${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}
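The relationship between the binary encoding and the RFC 1421 printable encoding described above, as an added example that is not part of the original guide. The function names are hypothetical and the sample bytes are constructed, not a real certificate; it assumes a `base64` utility that accepts `-d`.

```sh
#!/bin/sh
# Added example. The RFC 1421 printable encoding is the Base64 text of the
# same binary (DER) bytes, wrapped at 64 columns between BEGIN/END lines.

# Print "rfc", "der" or "unknown" for the certificate file given as $1.
cert_format() {
    if head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----'; then
        echo rfc
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo der    # binary certificates start with the DER SEQUENCE tag 0x30
    else
        echo unknown
    fi
}

# Binary file $1 -> printable encoding on stdout.
der_to_rfc() {
    echo '-----BEGIN CERTIFICATE-----'
    base64 < "$1" | tr -d '\n' | fold -w 64
    echo
    echo '-----END CERTIFICATE-----'
}

# Printable file $1 -> original binary bytes on stdout.
rfc_to_der() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" |
        grep -v '^-----' | tr -d '\r\n' | base64 -d
}

# Write constructed sample bytes (not a real certificate) to $1.
make_sample() {
    printf '\060\202\001\012%s' \
        'constructed sample bytes, not a real certificate, long enough to wrap' > "$1"
}

# Usage: sh certfmt.sh <file> prints the detected format of <file>.
if [ "$#" -gt 0 ]; then
    cert_format "$1"
fi
```

Running `cert_format` on a file before import shows which of the two encodings it holds; the detection only inspects the first line or first byte and does not validate the certificate.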
Delete a certificate from a keystore of type JKS.
Using Java Secure Socket Extension (JSSE) Tools
Chapter 9 • Configuring Security 113