Generate Public Key From Private Key Keytool Rating: 6,7/10 3997 votes

To Use keytool to Create a ServerCertificate

Run keytool to generate a new key pair in the defaultdevelopment keystore file, keystore.jks. This exampleuses the alias server-alias to generate a new public/privatekey pair and wrap the public key into a self-signed certificate inside keystore.jks. The key pair is generated by using an algorithm oftype RSA, with a default password of changeit. For moreinformation and other examples of creating and managing keystore files, readthe keytool online help at http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.

  1. First export the key: keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12. For apache ssl certificate file you need certificate only: openssl pkcs12 -in keystore.p12 -nokeys -out mykeystore.crt. For ssl key file you need only keys: openssl pkcs12 -in keystore.p12 -nocerts -nodes -out mystore.key.
  2. Sep 01, 2014  Generating Private and Public Key using keytool in Java In this post. Let's see how we can generate private and public key using keytool command line interface which comes bundled with Java. The various options of keytool can be seen with following command.
Note –

RSA is public-key encryption technology developed by RSA DataSecurity, Inc.

Extracting public and private keys from a Java Key Store (JKS) Using the keytool utility, it is easy to extract the public key of an already created “public-private” key pair, which is stored in a. Press generate and follow instructions to generate (public/private) key pair. Create a new 'authorizedkeys' file (with Notepad): Copy your public key data from the 'Public key for pasting into OpenSSH authorizedkeys file' section of the PuTTY Key Generator, and paste the key data to the 'authorizedkeys' file. Certificates, JKS, public and private keys, PEMs. Table of Contents. Additional Resources. Generate public and private keys. Create client JKS from pem files. Remove a passphrase from a private key. Generate self signed certs for MTLS and create a java keystore out of them. Configure nginx with SSL certs. Create PKCS 12 file using your private key and CA signed certificate of it. You can use openssl command for this. Create JKS file using keytool command. Step 3 (Optional). Changing the password of private key file in keystore. More details from here as well. Step 4 (Optional).

From the directory in which you want to create the key pair, run keytool as shown in the following steps.

  1. Generate the server certificate.

    Type the keytool command all on one line:


    When you press Enter, keytool prompts you to enterthe server name, organizational unit, organization, locality, state, and countrycode.

    You must type the server name in response to keytool’sfirst prompt, in which it asks for first and last names. For testing purposes,this can be localhost.

    When you run the example applications, the host (server name) specifiedin the keystore must match the host identified in the javaee.server.name property specified in the file tut-install/examples/bp-project/build.properties.

  2. Export the generated server certificate in keystore.jks intothe file server.cer.

    Type the keytool commandall on one line:


  3. If you want to have the certificate signed by a CA, read the exampleat http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.

  4. To add the server certificate to the truststore file, cacerts.jks, run keytool from the directory where you createdthe keystore and server certificate.

    Use the following parameters:


    Information on the certificate, such as that shown next, will appear:


  5. Type yes, then press the Enter or Return key.

    The following information appears:


Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

1- Create PKCS#12 keystore (.p12 or .pfx file)

  • myKeystore.p12 = keystore filename. It can with .pfx extension as well.
  • MY_PASSWORD = password used for the keystore and the private key as well.
  • CN = commonName, it will be shown as certiciate name in certificates list.
  • OU = organizationUnit, department name for example.
  • O = organizationName, the company name.
  • L = localityName, the city.
  • S = stateName, the state.
  • C = country, the 2-letter code of the country.

Note: This step can be done using openssl but it's more complicated.

2- Create the public certificate (has the header -----BEGIN CERTIFICATE-----):

Using keytool:

Or using openssl:

Note: Import public-certificate.pem into browsers to trust it. Add it to 'Trusted Root Certification Authorities' certificate store.

Keytool Generate Public Key From Private Key

3- Export the private key (has the header -----BEGIN PRIVATE KEY-----):

Generate Public Key From Private Key Keytool Windows 10

4- Export the public key from the private key (has the header -----BEGIN PUBLIC KEY-----):