Generating Public Key From Keystore Keytool In Windows
by admin
Generating Public Key From Keystore Keytool In Windows Rating: 5,9/10 9562 votes
- Generating Public Key From Keystore Keytool In Windows 8 1
- How To Create Java Keystore
- Generating Public Key From Keystore Keytool In Windows Xp
Tells keytool to generate a public-private key pair.keystore Specifies the path and file name of the keystore to be created (if it does not already exist) or to be added to (if it already exists). A keystore is a file that contains one or more public-private key pairs. Apr 05, 2020 What is java Keytool? Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. It also allows users to cache certificates. Java Keytool stores the keys and certificates in what is called a keystore. By default the Java keystore is implemented as a file.
- Navigation
- Main Page
- Community portal
- Current events
- Recent changes
- Random page
- Help
- Toolbox
- Page information
- Permanent link
- Printable version
- Special pages
- Related changes
- What links here
{{#eclipseproject:technology.higgins}}1. To generate a keystore, you need a JDK installed with its /bin directory in your path
2. Create a keystore using this command:
Generating Public Key From Keystore Keytool In Windows 8 1
keytool will ask you to enter the values for Common Name (CN), Organizational Unit (OU), Oranization(O), Locality (L), State (S) and Country (C). CN should match the domain name of your webapp if you are planning to use this keystore for your servlet container
You can verify keystore contents using this command:
3. Generate the Certificate Signing Request (CSR) using this command:
Submit contents of csr-for-myserver.pem file to your CA for signing
You can get a trial certificate from Thawte at https://www.thawte.com/cgi/server/try.exe
4. Save the signed certificate from CA to a file signed-cert.pem
You can see the contents of the signed certificate using this command:
5. Download Root certificate from CA. You can download Thawte Test Root Certificate from http://www.thawte.com/roots/.
6. Import Root Certificate to keystore using this command:
where root-cert.pem is the Root Certificate from CA
7. Verify contents of keystore using this command:
How To Create Java Keystore
8. Import CA signed certificate to keystore
9. Verify contents of keystore using this command:
The most important thing you want to see is that, under the private key alias, additional information is being displayed. You're looking for this:
How to import existing .key and .crt into .jks
Assume you have an existing .key and .crt from your Apache configuration.
You do this:
1. You convert the private key into PKCS#8 format:
2. Since the stupid Java keytool doesn't allow you to import private keys, you download this tool:
3. Now you can import the key into the Java Keystore:
4. Now you have the Java Keystore:
5. Delete the tmpfile:
Links
Retrieved from 'https://wiki.eclipse.org/index.php?title=Generating_a_Private_Key_and_a_Keystore&oldid=126908'
Introduction
This article covers the creation of a new Java keystore using Java keytool.
Process
You can watch the video below for a tutorial.
Or, you can check the step by step guidelines below.
1. Create a new keystore:
Open a command prompt in the same directory as Java keytool; alternatively, you may specify the full path of keytool in your command. Pay close attention to the alias you specify in this command as it will be needed later on.keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048
2. Generate a CSR based on the new keystore:keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr
Answer each question when prompted. Use the chart below to guide you through the process:
Generating Public Key From Keystore Keytool In Windows Xp
| Field | Example |
|---|---|
| First & Last Name | Domain Name for SSL Certificates Entity Name for Code Signing |
| Organizational Unit | Support (Optional, e.g. a department) |
| Organization | GMO GlobalSign Inc (Entity's Legal Name) |
| City / Locality | Portsmouth (Full City name) |
| State / Province | New Hampshire (Full State Name) |
| Country Code | US (2 Letter Code) |
Confirm or reject the details by typing 'Yes' or 'No' and pressing Enter
Press Enter to use the same password as the keystore, alternatively specify a separate password and press enter.
You should now have a file called mydomain.csr which can be used to order or reissue a digital certificate from GlobalSign.
3. While the order processes, download the root & intermediate certificates for your order. You can identify the correct root & intermediate certificate based on hash algorithm and product type.
4. Import the root & intermediate certificates into your keystore. Import the root certificate first, followed by the intermediate. Make sure you specify the correct alias of 'root' and 'intermediate' respectively.keytool -import -trustcacerts -alias root -file root.crt -keystore KeyStore.jkskeytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jks
5. Download & import your new certificate
Download your new certificate; save it as mydomain.crt.
Use the same alias as the private key so it associates them together. The alias here must match the alias of the private key in the first command.keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks
The keystore is now complete and can be used for signing code or deploying on a Java based web server depending on the product you ordered.