Tuesday, April 1, 2014

Java Key Store Commands

Common Keytool Commands

The following table lists the keytool commands you use when creating and using JKS keystores with WebLogic Server.
 
Table: Commonly Used keytool Commands

Command: keytool -genkey -keystore keystorename -storepass keystorepassword
Description: Generates a new private key entry and self-signed digital certificate in a keystore. If the keystore does not exist, it is created.

Command: keytool -import -alias aliasforprivatekey -file privatekeyfilename.pem -keypass privatekeypassword -keystore keystorename -storepass keystorepassword
Description: Updates the self-signed digital certificate with one signed by a trusted CA.

Commands:
keytool -import -alias rootCA -trustcacerts -file RootCA.pem -keystore trust.jks -storepass keystorepassword
keytool -import -alias intermediate -trustcacerts -file Intermediate.pem -keystore keystorename -storepass keystorepassword
Description: Creates a custom keystore to be used for holding an intermediate CA certificate.
  •  The first keytool command creates the keystore, trust.jks, which holds the root CA certificate.
  •  The second keytool command imports the intermediate CA certificate into trust.jks.
This enables WebLogic Server's SSL implementation to transmit the intermediate certificate with the server's public certificate to the client during the SSL handshake.

Command: keytool -import -alias aliasfortrustedca -trustcacerts -file trustedcafilename.pem -keystore keystorename -storepass keystorepassword
Description: Loads a trusted CA certificate into a keystore. If the keystore does not exist, it is created.

Command: keytool -certreq -alias alias -sigalg sigalg -file certreq_file -keypass privatekeypassword -storetype keystoretype -keystore keystorename -storepass keystorepassword
Description: Generates a Certificate Signing Request (CSR), using the PKCS#10 format, and a self-signed certificate with a private key. Stores the CSR in the specified certreq_file, and the certificate/private key pair as a key entry in the specified keystore under the specified alias.

Command: keytool -list -keystore keystorename
Description: Displays what is in the keystore.

Command: keytool -delete -keystore keystorename -storepass keystorepassword -alias privatekeyalias
Description: Deletes the entry identified by the specified alias from the keystore.

Command: keytool -help
Description: Provides online help for keytool.
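The commands in the table, chained into one identity/trust keystore workflow. This is an added example, not part of the original post: the aliases, file names, DNs and the throwaway signing CA are constructed, the intermediate CA step is left out, and the newer command names -genkeypair and -importcert are used in place of -genkey and -import. Passwords are passed with keytool's :env modifier so they do not appear on the command line.

```sh
#!/bin/sh
# Added example, not from the original post. Aliases, file names, DNs and the
# throwaway "Demo CA" are constructed; a real CA would sign the CSR in step 3.
set -eu
: "${KS_PASS:=demo-only-password}"; export KS_PASS
# :env makes keytool read the password from the environment instead of argv.
STORE="-storetype JKS -storepass:env KS_PASS"
KEYPW="-keypass:env KS_PASS"

build_keystores() (        # subshell body: the caller's working directory is untouched
    cd "$1"
    # 0. Throwaway signing CA; bc:c adds a critical BasicConstraints (CA) extension.
    keytool -genkeypair -alias democa -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Demo CA" -ext bc:c -keystore ca.jks $STORE $KEYPW
    keytool -exportcert -rfc -alias democa -file RootCA.pem -keystore ca.jks $STORE
    # 1. Identity keystore: private key entry with a self-signed certificate.
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=wls.example.test" -keystore identity.jks $STORE $KEYPW
    # 2. PKCS#10 request for that key.
    keytool -certreq -alias server -file server.csr -keystore identity.jks $STORE $KEYPW
    # 3. The CA signs the request (done locally here with -gencert).
    keytool -gencert -alias democa -infile server.csr -outfile server.pem -rfc \
        -validity 30 -keystore ca.jks $STORE $KEYPW
    # 4. Trust keystore holding only the CA certificate.
    keytool -importcert -noprompt -trustcacerts -alias rootCA -file RootCA.pem \
        -keystore trust.jks $STORE
    # 5. Replace the self-signed certificate with the signed one. The issuer is
    #    imported first so keytool can build the chain from the reply.
    keytool -importcert -noprompt -trustcacerts -alias rootCA -file RootCA.pem \
        -keystore identity.jks $STORE
    keytool -importcert -noprompt -alias server -file server.pem \
        -keystore identity.jks $STORE $KEYPW
)

# Verbose listing of one alias: entry type, chain length, validity, fingerprints.
describe() { keytool -list -v -alias "$2" -keystore "$1" $STORE; }

# Stand-alone use: sh keystore-demo.sh demo
if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    build_keystores "$work"
    describe "$work/identity.jks" server
    describe "$work/trust.jks" rootCA
fi
```

After step 5 the verbose listing for the server alias should show a private key entry with a two-certificate chain, while trust.jks holds only a trusted certificate entry.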


1 comment:

  1. Hello Harvinder.. I have a question..

    I am developing a model on OSB with EJB transport. I have a remote EJB and I am able to access it through an EJB client from a proxy service. I have a few methods that the EJB was implementing. Now, I want to secure my proxy service (I am thinking of a UserNameToken policy). My question is: depending on the username, can we give access to the users? For example, there are 10 methods in the EJB; if User A calls the proxy service he can access all 10 methods, if User B calls the proxy service he can access methods 1-5, and User C can access methods 6-10. Is there any way that I can implement this in OSB? Please help me. Thanks in advance.
