The keytool command in Java is a tool for managing certificates in a keyStore and trustStore, which are the files that hold the certificates required during the SSL handshake. By using the keytool command you can do many things, but some of the most common operations are viewing the certificates stored in a keystore, importing new certificates into a keyStore, and deleting a certificate from a keystore. For those who are not familiar with keyStore, trustStore and SSL setup for a Java application, here is a brief overview of what a trustStore and keyStore are in Java. Both the trustStore and the keyStore are used to store certificates signed by a signing authority or CA (Certificate Authority); the keyStore additionally stores the personal certificate for the client, which is used for client authentication during the SSL handshake if that is enabled. In this article we will see some basic examples of the keytool command in Java: finding how many certificates we have in a keyStore, viewing those certificates, adding new certificates, and deleting old certificates from a keyStore or trustStore in Java.
How to use keytool command in Java
Following are some of the most common or frequently used examples of the keytool command, which comes with the JDK. Just type keytool at your command prompt and it will show a lot of command line options if your PATH is set correctly for Java. If the PATH is not set properly it will complain that it is not able to find the keytool command; in that case you just need to add the JAVA_HOME/bin directory to your PATH to get keytool working.
keytool command to find how many certificates are in keyStore:
This is the first example of the keytool command; it shows how many certificates are stored in a trustStore or keyStore file:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
trustcenterclass2caii, 07/01/2008, trustedCertEntry,
The above keytool command shows that the default keystore jssecacerts, which comes along with the JRE and is present under JAVA_HOME at JAVA_HOME/jre/lib/security, has 81 certificates in it, and that the keyStore type is JKS, which stands for Java Key Store. One of those certificates is from DigiCert.
Now if you want to see the details of the certificates, e.g. the Common Name (CN) and other attributes, you can use the following keytool command to view the details of the certificates stored in a keyStore in Java:
keytool command to view certificate details from keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -v -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
Alias name: digicertassuredidrootca
Creation date: 07/01/2008
Entry type: trustedCertEntry
Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Thu Nov 09 20:00:00 VET 2006 until: Sun Nov 09 19:30:00 VET 2031
Certificate fingerprints:
MD5: 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
Signature algorithm name: SHA1withRSA
Version: 3
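Reading the -v listing by eye works for one entry but not for 81. As an added example (not part of the java67 post), the POSIX shell helpers below reduce a keytool -list -v listing to one line per alias and then answer two questions a trust-store review asks: which entries still carry MD5/SHA-1 signatures and which have already expired. The listing SAMPLE_VERBOSE is constructed to follow the layout shown above; its first entry copies the DigiCert values from the post and its second entry (example-internal-ca) is made up.

```shell
#!/bin/sh
# Added example, not from the java67 post: turn "keytool -list -v" output into a
# one-line-per-alias inventory (alias, subject CN, expiry, signature algorithm).
# SAMPLE_VERBOSE is constructed; the first entry mirrors the post's DigiCert
# output, the second (example-internal-ca) is invented for the expiry check.

SAMPLE_VERBOSE='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: digicertassuredidrootca
Creation date: 07/01/2008
Entry type: trustedCertEntry

Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Thu Nov 09 20:00:00 VET 2006 until: Sun Nov 09 19:30:00 VET 2031
Certificate fingerprints:
     MD5: 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
     SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
Signature algorithm name: SHA1withRSA
Version: 3


*******************************************
*******************************************


Alias name: example-internal-ca
Creation date: 01/02/2020
Entry type: trustedCertEntry

Owner: CN=Example Internal CA, O=Example Corp, C=US
Issuer: CN=Example Internal CA, O=Example Corp, C=US
Serial number: 1
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Fri Jan 01 00:00:00 UTC 2021
Certificate fingerprints:
     SHA1: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
Signature algorithm name: SHA256withRSA
Version: 3'

# Read "keytool -list -v" output on stdin; print one tab-separated line per
# entry: alias, subject CN, "until" date, signature algorithm.
# (A CN containing an escaped comma would be cut at that comma.)
keystore_inventory() {
  awk '
    /^Alias name: / { alias_name = substr($0, 13); cn = ""; until_date = ""; sig = "" }
    /^Owner: /      { if (match($0, /CN=[^,]*/)) cn = substr($0, RSTART + 3, RLENGTH - 3) }
    /^Valid from: / { until_date = $0; sub(/^.* until: /, "", until_date) }
    /^Signature algorithm name: / {
      sig = substr($0, 27)
      printf "%s\t%s\t%s\t%s\n", alias_name, cn, until_date, sig
    }
  '
}

# Print aliases whose certificate is signed with an MD2/MD5/SHA-1 based
# algorithm. For a self-signed trust anchor the self-signature is not what
# makes it trusted, so hits matter most for intermediate or end-entity entries.
weak_signature_entries() {
  keystore_inventory | awk -F'\t' '$4 ~ /^(MD2|MD5|SHA1)with/ { print $1 }'
}

# entries_expiring_before YEAR: print aliases whose "until" year is earlier
# than YEAR. Year granularity only, which is enough to spot long-expired entries.
entries_expiring_before() {
  keystore_inventory | awk -F'\t' -v y="$1" '
    { n = split($3, p, " "); if (n >= 6 && p[n] + 0 < y + 0) print $1 }
  '
}
```

On a real keystore, pipe the tool's output through the helpers, for example `keytool -list -v -keystore jssecacerts | keystore_inventory`; keytool will prompt for the store password as in the listing above.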
Now if you want to import a certificate into this keystore you can use the following keytool command:
keytool command for adding certificate in keystore and trustStore:
keytool -import -alias adding_certificate_keystore -file self.cer -keystore jssecacerts
This will print the certificate details and prompt you to accept the certificate; once you confirm by typing yes, the certificate is added into your keyStore. For verification you can re-run the previous keytool command to get the total number of certificates in the keystore. For example, if we run the following keytool command, it should print 82 entries in the keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 82 entries
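The count-based check (81 entries before the import, 82 after) is easy to do by hand but easy to get wrong in a script, so here is an added example, not from the java67 post, of POSIX shell helpers that parse keytool -list output for the two steps shown earlier: counting entries and confirming that an import added exactly the alias you passed to -import. SAMPLE_BEFORE and SAMPLE_AFTER are constructed listings in the shape shown above; the list_keystore wrapper, the KEYSTORE_FILE and KEYSTORE_PASS variables, and the third entry's date and fingerprint are my assumptions.

```shell
#!/bin/sh
# Added example (not part of the java67 post): parse "keytool -list" output so a
# script can prove that an import changed the keystore the way you expected,
# i.e. exactly one new entry under the alias given to -import.
# SAMPLE_BEFORE / SAMPLE_AFTER are constructed listings in the post's layout;
# the trustcenter and adding_certificate_keystore fingerprints are made up.

SAMPLE_BEFORE='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 81 entries

digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
trustcenterclass2caii, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

SAMPLE_AFTER='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 82 entries

digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
trustcenterclass2caii, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
adding_certificate_keystore, 01/01/2024, trustedCertEntry,
Certificate fingerprint (MD5): 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9'

# Print the entry count from a "keytool -list" listing read on stdin.
# Matches both "1 entry" and "N entries"; prints nothing if the line is absent.
keystore_entry_count() {
  sed -n 's/^Your keystore contains \([0-9][0-9]*\) entr.*$/\1/p'
}

# Exit 0 if the listing on stdin has an entry under the given alias.
# JKS listings show aliases in lower case, so the comparison ignores case.
keystore_has_alias() {
  awk -v want="$1" -F', ' 'tolower($1) == tolower(want) { found = 1 } END { exit !found }'
}

# verify_import ALIAS BEFORE_LISTING AFTER_LISTING
# Succeeds only if the count grew by exactly one and ALIAS is now present.
verify_import() {
  alias_name=$1
  before_count=$(printf '%s\n' "$2" | keystore_entry_count)
  after_count=$(printf '%s\n' "$3" | keystore_entry_count)
  [ -n "$before_count" ] && [ -n "$after_count" ] || return 1
  [ "$after_count" -eq $((before_count + 1)) ] || return 1
  printf '%s\n' "$3" | keystore_has_alias "$alias_name"
}

# Wrapper for the real tool (assumed usage): list_keystore FILE PASSWORD.
# Only run when KEYSTORE_FILE is set, so the helpers above can be exercised
# on the constructed samples without a JDK installed.
list_keystore() {
  keytool -list -keystore "$1" -storepass "$2"
}

if [ -n "${KEYSTORE_FILE:-}" ] && command -v keytool >/dev/null 2>&1; then
  list_keystore "$KEYSTORE_FILE" "${KEYSTORE_PASS:-changeit}" | keystore_entry_count
fi
```

A typical use is to capture `keytool -list` output before and after the -import, then call `verify_import adding_certificate_keystore "$before" "$after"` and fail the script if it returns non-zero. Passing the store password with -storepass, as the wrapper does, puts it in shell history and process listings; for interactive use let keytool prompt for it as the post's listings show.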
Another useful keytool command option is -printcert, which prints the details of a certificate stored in a .cer file:
~/ keytool -printcert -file test.cer
That's all on some basic keytool command examples for viewing and adding certificates into a keystore and trustStore in Java. I still prefer a GUI tool for creating keystores and managing certificates, but keytool is a good alternative because it comes along with the JDK installation and is available in most places.
Java Tutorials from java67 blog