Tuesday, April 1, 2014

Java Key Store Commands

Common Keytool Commands

The following table lists the keytool commands you use when creating and using JKS keystores with WebLogic Server.
Table: Commonly Used keytool Commands

keytool -genkey -keystore keystorename -storepass keystorepassword
Generates a new private key entry and self-signed digital certificate in a keystore. If the keystore does not exist, it is created.

keytool -import -alias aliasforprivatekey -file privatekeyfilename.pem -keypass privatekeypassword -keystore keystorename -storepass keystorepassword
Updates the self-signed digital certificate with one signed by a trusted CA.

keytool -import -alias rootCA -trustcacerts -file RootCA.pem -keystore trust.jks -storepass keystorepassword
keytool -import -alias intermediate -trustcacerts -file Intermediate.pem -keystore keystorename -storepass keystorepassword
Creates a custom keystore to be used for holding an intermediate CA certificate.
  •  The first keytool command creates the keystore, trust.jks, which holds the root CA certificate.
  •  The second keytool command imports the intermediate CA certificate into trust.jks.
This enables WebLogic Server’s SSL implementation to transmit the intermediate certificate with the server’s public certificate to the client during the SSL handshake.

keytool -import -alias aliasfortrustedca -trustcacerts -file trustedcafilename.pem -keystore keystorename -storepass keystorepassword
Loads a trusted CA certificate into a keystore. If the keystore does not exist, it is created.

keytool -certreq -alias alias -sigalg sigalg -file certreq_file -keypass privatekeypassword -storetype keystoretype -keystore keystorename -storepass keystorepassword
Generates a Certificate Signing Request (CSR), using the PKCS#10 format, and a self-signed certificate with a private key.
Stores the CSR in the specified certreq_file, and the certificate/private key pair as a key entry in the specified keystore under the specified alias.

keytool -list -keystore keystorename
Displays what is in the keystore.

keytool -delete -keystore keystorename -storepass keystorepassword -alias privatekeyalias
Deletes the entry identified by the specified alias from the keystore.

keytool -help
Provides online help for keytool.
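
The table's commands strung together into one offline run, as an added example that is not from the original post: generate a key, create the CSR, import the CA reply, and check the resulting chain, with the store password supplied through keytool's `:env` modifier instead of on the command line. The aliases, DNs, file names, the `KS_PASS` variable and the stand-in CA built with `-gencert` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; aliases, DNs, file names and the password are constructed.
set -eu
# The password comes from the environment so it stays out of argv (`ps`)
# and shell history; keytool reads it through the :env modifier.
: "${KS_PASS:=demo-changeit}"; export KS_PASS

build_keystores() (   # subshell: the cd does not leak to the caller
    cd "$1"
    # Stand-in CA (a real CA signs the CSR out of band).
    # -genkeypair/-importcert are the current names of -genkey/-import.
    keytool -genkeypair -alias rootCA -keyalg RSA -keysize 2048 -ext bc:c \
        -dname "CN=Demo Root CA" -validity 30 \
        -keystore ca.jks -storepass:env KS_PASS -keypass:env KS_PASS
    keytool -exportcert -rfc -alias rootCA -file RootCA.pem \
        -keystore ca.jks -storepass:env KS_PASS
    # Trust keystore: CA certificates only, no private keys.
    keytool -importcert -noprompt -alias rootCA -trustcacerts \
        -file RootCA.pem -keystore trust.jks -storepass:env KS_PASS
    # Identity keystore: private key with self-signed certificate, then CSR.
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -dname "CN=server.example.test" -validity 30 \
        -keystore identity.jks -storepass:env KS_PASS -keypass:env KS_PASS
    keytool -certreq -alias server -file server.csr \
        -keystore identity.jks -storepass:env KS_PASS
    # The stand-in CA issues the certificate from the CSR.
    keytool -gencert -rfc -alias rootCA -infile server.csr \
        -outfile server.pem -keystore ca.jks -storepass:env KS_PASS
    # The issuer must already be trusted in the keystore; the reply then
    # replaces the self-signed certificate under the same alias.
    keytool -importcert -noprompt -alias rootCA -trustcacerts \
        -file RootCA.pem -keystore identity.jks -storepass:env KS_PASS
    keytool -importcert -noprompt -alias server -file server.pem \
        -keystore identity.jks -storepass:env KS_PASS
)

chain_length() {   # chain_length KEYSTORE ALIAS -> certificates in the chain
    keytool -J-Duser.language=en -list -v -alias "$2" -keystore "$1" \
        -storepass:env KS_PASS | sed -n 's/^Certificate chain length: //p'
}

# Usage: d=$(mktemp -d); build_keystores "$d"; chain_length "$d/identity.jks" server
```

A chain length of 1 for the server alias means the entry still holds only the self-signed certificate; 2 means the CA reply was installed on top of the root.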

1 comment:

  1. Hello Harvinder.. I have a question..

    I am developing a model on OSB with EJB transport. I have a remote EJB and I am able to access it through an EJB client from a proxy service. I have a few methods that the EJB was implementing. Now, I want to secure my proxy service (I am thinking of UserNameToken policy). My question is: depending on the username, can we give access to the users? For example, there are 10 methods in the EJB; if User A calls the proxy service he can access all 10 methods, if User B calls the proxy service he can access methods 1-5, and User C can access methods 6-10. Is there any way that I can implement this in OSB? Please help me. Thanks in advance..

