The keytool command in Java is a tool for managing certificates in a keyStore and trustStore, which store the certificates required during the SSL handshake. You can do many things with keytool, but the most common operations are viewing the certificates stored in a keystore, importing new certificates into a keyStore, and deleting certificates from a keystore.
For those who are not familiar with keyStore, trustStore and SSL setup for a Java application, here is a brief overview of what a trustStore and a keyStore are in Java. Both the trustStore and the keyStore are used to store certificates signed by a signer authority or CA (Certificate Authority), with the keyStore additionally storing the client's personal certificate, which is used for client authentication during the SSL handshake if it is enabled. In this article we will see some basic examples of the keytool command in Java: finding how many certificates we have in a keyStore, viewing those certificates, adding new certificates, and deleting old certificates from a keyStore or trustStore.
How to use keytool command in Java
The following are some of the most frequently used examples of the keytool command, which is installed along with the JDK. Just type keytool at your command prompt and, if your PATH is set correctly for Java, it will show a long list of command-line options. If the PATH is not set properly, the shell will complain that it cannot find the keytool command. Don't worry: you just need to add the JAVA_HOME/bin directory to your PATH to get keytool working.
keytool command to find how many certificates are in keyStore:
This first example of the keytool command shows how many certificates are stored in a trustStore or keyStore file:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
trustcenterclass2caii, 07/01/2008, trustedCertEntry,
The keytool command above shows that the default keystore jssecacerts, which comes with the JRE and is located in JAVA_HOME/jre/lib/security, has 81 certificates in it, and that the keyStore type is JKS, which stands for Java Key Store. One of those certificates is from DigiCert.
If you want to see the details of the certificates, e.g. the Common Name (CN) and other attributes, you can use the following keytool command to view details of the certificates stored in a keyStore in Java:
keytool command to view certificate details from keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -v -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
Alias name: digicertassuredidrootca
Creation date: 07/01/2008
Entry type: trustedCertEntry
Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Thu Nov 09 20:00:00 VET 2006 until: Sun Nov 09 19:30:00 VET 2031
Certificate fingerprints:
MD5: 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
Signature algorithm name: SHA1withRSA
Version: 3
If you want to import a certificate into this keystore, you can use the following keytool command:
keytool command for adding certificate in keystore and trustStore:
keytool -import -alias adding_certificate_keystore -file self.cer -keystore jssecacerts
This will print the certificate details and prompt you to accept the certificate. Once you confirm by typing Yes, the certificate will be added to your keyStore. To verify, you can re-run the previous keytool command to get the total number of certificates in the keystore. For example, if we run the following keytool command, it should report 82 certificates in the keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 82 entries
Another useful keytool command option is -printcert, which prints the details of a certificate stored in a .cer file:
~/ keytool -printcert -file test.cer
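Since accepting the import prompt makes the certificate trusted, it is worth comparing the fingerprint that -printcert reports with one obtained out of band before running -import. The script below is an added example, not part of the original article; the function names (cert_fingerprint, fingerprint_matches, safe_import) are hypothetical helpers, and the sample text reuses the DigiCert fingerprints from the listing above.

```shell
#!/bin/sh
# Added example (not from the original article): refuse to import a
# certificate unless its fingerprint matches one obtained out of band.

# Print the fingerprint for algorithm $1 (MD5, SHA1, SHA256) found in keytool
# output on stdin, as upper-case hex without colons.
cert_fingerprint() {
    awk -v alg="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, alg ":") == 1 {
            fp = substr(line, length(alg) + 2)
            gsub(/[^0-9A-Fa-f]/, "", fp)
            print toupper(fp); exit
        }'
}

# Succeed only if the keytool output on stdin carries fingerprint $2 for
# algorithm $1. Colons, spaces and letter case in $2 are ignored.
fingerprint_matches() {
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# safe_import FILE ALIAS KEYSTORE ALG FINGERPRINT (hypothetical helper):
# run the article's import command only after the check passes.
safe_import() {
    if keytool -printcert -file "$1" | fingerprint_matches "$4" "$5"; then
        keytool -import -alias "$2" -file "$1" -keystore "$3"
    else
        echo "fingerprint mismatch for $1, not importing" >&2
        return 1
    fi
}

# Sample input: the DigiCert entry from the listing above, laid out the way
# keytool prints it (label and value on one line).
sample_printcert() {
    cat <<'EOF'
Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Certificate fingerprints:
         MD5:  87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
         SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
         Signature algorithm name: SHA1withRSA
EOF
}

sample_printcert | fingerprint_matches SHA1 \
    '05:63:b8:63:0d:62:d7:5a:bb:c8:ab:1e:4b:df:b5:a8:99:b2:4d:43' && echo "fingerprint OK"
```

safe_import leaves keytool's own confirmation prompt in place, so the check is an extra gate rather than a replacement for it. On JDK versions whose keytool also prints a SHA256 fingerprint, pass SHA256 as the algorithm.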
That's all on some basic keytool command examples for viewing and adding certificates into a keystore and trustStore in Java. I still prefer a GUI tool for creating keystores and managing certificates, but keytool is a good alternative because it comes along with the JDK installation and is available in most places.

keytool command to list or view certificate is what I was familiar with before reading this tutorial.
Thanks for your grateful information, this blog will be really helpful for SQL tutorial.