{"id":1146,"date":"2009-09-16T22:16:52","date_gmt":"2009-09-17T03:16:52","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=1146"},"modified":"2020-01-28T15:39:56","modified_gmt":"2020-01-28T20:39:56","slug":"java-key-store-jks","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=1146","title":{"rendered":"Java Key Store (jks)"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tKey Store<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tGenerate Private Key<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tInspect keys<\/a>\n\t\t\t<\/li>\n\t\t\t
    3. \n\t\t\t\tGenerate CSR<\/a>\n\t\t\t<\/li>\n\t\t\t
    4. \n\t\t\t\tImport Signed Cert<\/a>\n\t\t\t<\/li>\n\t\t\t
    5. \n\t\t\t\tDelete a Key<\/a>\n\t\t\t<\/li>\n\t\t\t
    6. \n\t\t\t\tTransfer Private Key from One Keystore to Another<\/a>\n\t\t\t<\/li>\n\t\t\t
    7. \n\t\t\t\tPrint cert used by a remote site<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    8. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
       <\/div>\n

      Key Store<\/h2><\/span>\n

      Generate Private Key<\/h3><\/span>\n

      * Generate a self-signed keypair with:
      \n– alias: myhost
      \n– CN: CN=myhost.mytest.local, OU=Lab, O=My Test, L=Reston, S=Virginia, C=US
      \n– key algorithm: RSA
      \n– key size: 2048
      \n– signature algorithm: SHA1withRSA
      \n– valid for: 360 days
      \n– protected by password: secret
      \n* Stored in a Java key store file:
      \n– named: myhost.jks
      \n– with password: secret<\/p>\n

      keytool -genkey -alias myhost -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -keystore myhost.jks -storepass secret -keypass secret -dname \"CN=myhost.mytest.local, OU=Lab, O=My Test, L=Reston, S=Virginia, C=US\" -validity 360\n<\/pre>\n
      Inspect keys<\/h3><\/span>\n
      * Print out details about key with alias myhost<\/em><\/p>\n
      keytool -list -v -alias myhost -keystore myhost.jks\n<\/pre>\n
      Generate CSR<\/h3><\/span>\n
      keytool -certreq -alias myhost -sigalg SHA1withRSA -file myhost.csr -keystore myhost.jks\n<\/pre>\n
      Import Signed Cert<\/h3><\/span>\n
      * Need to append ca_root.cer<\/em> to signed.cer<\/em> so that both can be imported at once.<\/p>\n
      keytool -import -v -keystore myhost.jks -alias myhost -storepass secret -file signed.cer\n<\/pre>\n
      Delete a Key<\/h3><\/span>\n
      keytool -delete -alias myhost -keystore myhost.jks -storepass secret \n<\/pre>\n
      Transfer Private Key from One Keystore to Another<\/h3><\/span>\n
      keytool -importkeystore -srckeystore srckeystore.jks -srcstorepass changeit -srckeypass changeit -destkeystore destkeystore.jks -deststorepass changeit -destkeypass changeit -alias test\n\n<\/pre>\n
      Print cert used by a remote site<\/h3><\/span>\n
      keytool -printcert -sslserver $host[:$port]\nkeytool -printcert -sslserver www.google.com:443\n\n# Output RFC format (cert files)\nkeytool -printcert -rfc -sslserver www.google.com:443<\/pre>\n
      References<\/h2><\/span>\n
      * Java 7 keytool – Key and Certificate Management Tool<\/a>
      \n*       The Most Common Java Keytool Keystore Commands<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
      Key Store Generate Private Key * Generate a self-signed keypair with: – alias: myhost – CN: CN=myhost.mytest.local, OU=Lab, O=My Test, L=Reston, S=Virginia, C=US – key algorithm: RSA – key size: 2048 – signature algorithm: SHA1withRSA – valid for: 360 days … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[14,55],"tags":[155],"class_list":["post-1146","post","type-post","status-publish","format-standard","hentry","category-java","category-ssl","tag-keystore"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-iu","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1146"}],"version-history":[{"count":5,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1146\/revisions"}],"predecessor-version":[{"id":12392,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1146\/revisions\/12392"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}