Thursday, September 6, 2018

Keytool & OpenSSL handy commands

OpenSSL command to extract SSL host certificate


openssl s_client -servername <<servername>> -connect <<servername>>:<<portnumber>>


Java Keytool Commands for Creating and Importing

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystorename.jks -keysize 2048
  • Generate a certificate signing request for an existing Java keystore
    keytool -certreq -alias domainname -keystore keystore.jks -file domainname.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file serverchain1.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomainname -file mydomainname.crt -keystore keystore.jks
  • keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain
  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

No comments:

Post a Comment