Back to All Commands
Most Viewed
Favorites
Recently Viewed

java-keytool

Key Generation 1 Keystore Management 4 Certificate Management 4 Password Management 2

java-keytool Commands

Key Generation

keytool -genkeypair

Generate a key pair (private key and associated public key certificate).

keypair certificate generation 

keytool -genkeypair
Examples:
Generate RSA key pair 
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -validity 365 -keystore keystore.jks
Generate with specific algorithm 
keytool -genkeypair -alias server -keyalg RSA -keysize 4096 -validity 730 -keystore server.jks

Keystore Management

keytool -list

List the contents of a keystore.

list keystore contents 

keytool -list
Examples:
List keystore contents 
keytool -list -keystore keystore.jks
List with verbose output 
keytool -list -v -keystore keystore.jks
List specific alias 
keytool -list -alias mykey -keystore keystore.jks
keytool -delete

Delete an entry from a keystore.

delete remove entry 

keytool -delete
Examples:
Delete entry 
keytool -delete -alias mykey -keystore keystore.jks
keytool -changealias

Change the alias of an entry in a keystore.

alias rename change 

keytool -changealias
Examples:
Change alias 
keytool -changealias -alias oldname -destalias newname -keystore keystore.jks
keytool -importkeystore

Import one or all entries from another keystore.

import keystore migration 

keytool -importkeystore
Examples:
Import all entries 
keytool -importkeystore -srckeystore old.jks -destkeystore new.jks
Import specific entry 
keytool -importkeystore -srckeystore old.jks -destkeystore new.jks -srcalias mykey -destalias mykey

Certificate Management

keytool -import

Import a certificate or certificate chain into a keystore.

import certificate trust 

keytool -import
Examples:
Import certificate 
keytool -import -alias mycert -file certificate.crt -keystore keystore.jks
Import CA certificate 
keytool -import -alias cacert -file ca.crt -keystore keystore.jks -trustcacerts
keytool -export

Export a certificate from a keystore.

export certificate extract 

keytool -export
Examples:
Export certificate 
keytool -export -alias mykey -file mycert.crt -keystore keystore.jks
Export in RFC format 
keytool -export -alias mykey -file mycert.crt -keystore keystore.jks -rfc
keytool -printcert

Print the content of a certificate.

print certificate view 

keytool -printcert
Examples:
Print certificate 
keytool -printcert -file certificate.crt
Print certificate in RFC format 
keytool -printcert -file certificate.crt -rfc
keytool -certreq

Generate a certificate signing request (CSR).

csr request signing 

keytool -certreq
Examples:
Generate CSR 
keytool -certreq -alias mykey -file request.csr -keystore keystore.jks

Password Management

keytool -keypasswd

Change the key password of an entry in a keystore.

password key change 

keytool -keypasswd
Examples:
Change key password 
keytool -keypasswd -alias mykey -keystore keystore.jks
keytool -storepasswd

Change the password of a keystore.

password keystore change 

keytool -storepasswd
Examples:
Change keystore password 
keytool -storepasswd -keystore keystore.jks