Harvinder Saluja's Springboot, OCI AWS, API, EIA, EISA, Data Science/Engineering and Dev/Ops BLOG

This BLOG focuses on "hands on approach" around AWS, OCI Oracle Cloud Infrastructure, Dev/Ops, MicroServices, OKTA, Oracle Fusion Middleware, Oracle Service Bus, Oracle AIA, Oracle SOA Suite, Oracle SOA Cloud/Developer Cloud, Oracle Identity Management including OID, OAM, OIM, OSSO, Oracle Big Data, WLST Scripts and Oracle Edifecs B2B Engine for HIPAA/HL7/X12/EDIFACT EDI., Kafka, Spark, Spring Boot, DevOps, AWS, GCP and Oracle Cloud

Tuesday, April 1, 2014

Java Key Store Commands

Common Keytool Commands

Following table lists keytool commands you use when creating and using JKS keystores with WebLogic Server.

Table Commonly Used keytool Commands
Command	Description
`keytool -genkey -keystore` `keystorename` `-storepass` `keystorepassword`	Generates a new private key entry and self-signed digital certificate in a keystore. If the keystore does not exist, it is created.
`keytool -import -alias` `aliasforprivatekey-file` `privatekeyfilename.pem-keypass` `privatekeypassword-keystore` `keystorename` `-storepass` `keystorepassword`	Updates the self-signed digital certificate with one signed by a trusted CA.
`keytool -import -alias` `rootCA` `-trustcacerts -file` `RootCA.pem` `-keystore trust.jks -storepass` `keystorepassword` `keytool -import -alias intermediate -trustcacerts -file` `Intermediate.pem` `-keystore` `keystorename` `-storepasskeystorepassword`	Creates a custom keystore to be used for holding an intermediate CA certificate. The first keytool command creates the keystore, `trust.jks`, which holds the root CA certificate. The second keytool command imports the intermediate CA certificate into `trust.jks`. This enables WebLogic Server’s SSL implementation to transmit the intermediate certificate with the server’s public certificate to the client during the SSL handshake.
`keytool -import -alias` `aliasfortrustedca` `-trustcacerts -file` `trustedcafilename.pem` `-keystore` `keystorename` `-storepass` `keystorepassword`	Loads a trusted CA certificate into a keystore. If the keystore does not exist, it is created.
`keytool -certreq -alias alias -sigalg` `sigalg-file` `certreq_file-keypass` `privatekeypassword-storetype` `keystoretype-keystore` `keystorename-storepass` `keystorepassword`	Generates a Certificate Signing Request (CSR), using the PKCS#10 format, and a self-signed certificate with a private key. Stores the CSR in the specified `certreq_file`, and the certificate/private key pair as a key entry in the specified keystore under the specified alias.
`keytool -list -keystore` `keystorename`	Displays what is in the keystore.
`keytool -delete -keystore` `keystorename` `-storepass` `keystorepassword` `-alias` `privatekeyalias`	Deletes the entry identified by the specified alias from the keystore.
`keytool -help`	Provides online help for keytool.