Using Java Secure Socket Extension (JSSE) Tools

Create a self-signed certificate in a keystore of type JKS using an RSA key algorithm. RSA is a public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technology.

keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.pass}

Another example of creating a certificate is shown in “Generating a Certificate Using the keytool Utility” on page 114.

Create a self-signed certificate in a keystore of type JKS using the default key algorithm.

keytool -genkey -noprompt -trustcacerts -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.pass}

An example of signing a certificate is shown in “Signing a Digital Certificate Using the keytool Utility” on page 115.

Display available certificates from a keystore of type JKS.

keytool -list -v -keystore ${keystore.file} -storepass ${keystore.pass}

Display certificate information from a keystore of type JKS.

keytool -list -v -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}

Import an RFC/text-formatted certificate into a JKS store. Certificates are often stored using the printable encoding format defined by the Internet RFC (Request for Comments) 1421 standard instead of their binary encoding. This certificate format, also known as Base 64 encoding, facilitates exporting certificates to other applications by email or through some other mechanism.

keytool -import -noprompt -trustcacerts -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}
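The import command above runs with -noprompt, so keytool does not pause to display the certificate and ask whether to trust it. The following Python script is an added example, not part of the manual: it computes a certificate file's fingerprint over the binary encoding, whether the file is in the RFC printable form or binary, and compares it with a value obtained out of band before the import is run. The function names are hypothetical and the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# One printable (Base 64) block, as written by `keytool -export -rfc`.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def to_der(data: bytes) -> bytes:
    """Return the binary encoding, decoding the printable form if present."""
    match = PEM_BLOCK.search(data)
    if match is None:
        return data  # no BEGIN/END lines: treat the input as already binary
    body = b"".join(match.group(1).split())  # drop line breaks and spaces
    return base64.b64decode(body, validate=True)


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated uppercase hex digest of the binary encoding."""
    digest = hashlib.new(algorithm, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def safe_to_import(data: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """True only if the file's fingerprint equals the out-of-band value."""
    actual = fingerprint(data, algorithm)
    return hmac.compare_digest(actual, expected.strip().upper())


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate. The digest is taken
    # over raw bytes, so the check behaves the same way on a real file.
    binary = bytes.fromhex("3082000a") + b"constructed-sample"
    printable = (b"-----BEGIN CERTIFICATE-----\n"
                 + base64.encodebytes(binary)
                 + b"-----END CERTIFICATE-----\n")
    pinned = fingerprint(binary)  # stands in for the value received out of band
    print(pinned)
    print(safe_to_import(printable, pinned))      # same content, printable form
    print(safe_to_import(binary + b"!", pinned))  # altered content is rejected
```

The same function applied to the output of keytool -export, with or without -rfc, yields one fingerprint for both encodings, so either file can be checked against the pinned value.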

Export a certificate from a keystore of type JKS in PKCS7 format. The reply format defined by the Public Key Cryptography Standards #7, Cryptographic Message Syntax Standard, includes the supporting certificate chain in addition to the issued certificate.

keytool -export -noprompt -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}

Export a certificate from a keystore of type JKS in RFC/text format.

keytool -export -noprompt -rfc -alias ${cert.alias} -file ${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}

Delete a certificate from a keystore of type JKS.

Chapter 9 • Configuring Security

Sun Microsystems 820433510 manual Display certificate information from a keystore of type JKS