Table of Contents generated with DocToc
- GUI alternatives to keytool
- List JKS content
- Import a certificate into a JKS keystore
- Export a certificate from a JKS keystore
- Export a PKCS12 from a JKS keystore
- Import a certificate with private key into a JKS keystore
- Misc
keytool -list [-v] -keystore <keystore.jks>
keytool -importcert -keystore <keystore> -alias <alias> -file <certificate_file>.crt.pem
keytool -importcert -keystore foo.jks -alias bar -file bar.crt.pem
keytool -exportcert -keystore <keystore> -alias <alias> -file <certificate_file> [-rfc]
If -rfc is used, the certificat will be exported in base64 PEM encoded format, otherwise it will be binary DER encoded format.
keytool -exportcert -keystore foo.jks -alias bar -file bar.crt.pem -rfc
keytool -importkeystore \
-srckeystore <JKS keystore> -destkeystore <PKCS12 keysore> \
-srcstoretype JKS -deststoretype PKCS12 \
-srcalias <alias to export> -destalias <exported alias> \
[-srcstorepass <src keystore password>] \
[-deststorepass <dest keystore password>] \
[-srckeypass <src key password>] \
[-destkeypass <dest key password>]
keytool -importkeystore \
-srckeystore foo.jks -destkeystore foo.p12 \
-srcstoretype JKS -deststoretype PKCS12 \
-srcalias bar -destalias bar
Note: certificate and private key must be in a PKCS12 (.pfx/.p12) keystore (see openssl for creating a PKCS12 with a certificate and private key).
keytool -importkeystore \
-srckeystore <PKCS12 keystore> -srcstoretype pkcs12 -srcalias <alias>\
-destkeystore <JKS keystore> -destalias <alias>
keytool -importkeystore \
-srckeystore foo.pfx -srcstoretype pkcs12 -srcalias foo\
-destkeystore foo.jks -destalias foo
keytool -J-Duser.language=en -list -keystore <keystore file>