keytool – keystore certificates

Generating a certificate:

keytool -genkey -alias NAZWA_ALIASU -keyalg RSA -validity ILOSC_DNI -keypass HASLO_DO_KLUCZA -storepass HASLO_DO_KEYSTORE -keystore NAZWA_KEYSTORE.jks

Listing certificates:

keytool -list -alias NAZWA_ALIASU -keystore NAZWA_KEYSTORE.keystore -storepass HASLO -v

Exporting a certificate:

keytool -export -alias NAZWA_ALIASU -file NAZWA_CERTYFIKATU.crt -keystore NAZWA_KEYSTORE.keystore

JKS SSL

Generating a JKS from a CER

a) Create the client's public and private key in the client keystore, and the server's public and private key in the server keystore
keytool -genkey -alias clientX509v1 -keypass storepassword -storetype jks -storepass storepassword -validity 3650 -keyalg RSA -keystore client-keystore.jks
keytool -genkey -alias serverX509v1 -keypass storepassword -storetype jks -storepass storepassword -validity 3650 -keyalg RSA -keystore server-keystore.jks

b) Export the client's public key to an external file, and the server's public key to an external file
keytool -export -alias clientX509v1 -file client-certfile.csr -keystore client-keystore.jks -storepass storepassword
keytool -export -alias serverX509v1 -file server-certfile.csr -keystore server-keystore.jks -storepass storepassword

c) Import the client's public certificate from the external file into the server truststore, and the server's public certificate into the client truststore
keytool -import -noprompt -alias clientX509v1 -file client-certfile.csr -storepass storepassword -keystore server-truststore.jks -storetype JKS
keytool -import -noprompt -alias serverX509v1 -file server-certfile.csr -storepass storepassword -keystore client-truststore.jks -storetype JKS
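
Steps a) to c) as one non-interactive script, added here as an example and not part of the original notes: it reads the password from an environment variable (keytool's -storepass:env form) instead of putting it on the command line, then checks that each truststore holds exactly the certificate from the peer's keystore. The CN values, the STOREPASS variable name and the .cer file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: steps a)-c) without prompts, followed by a pinning check.
# Assumed names (not from the page): STOREPASS, CN=*.example.test, *.cer files.

# Every call takes the password from $STOREPASS, so it does not appear in
# the process list or in shell history. stdin is closed to avoid prompts.
kt() { keytool "$@" -storetype JKS -storepass:env STOREPASS </dev/null; }

# make_side NAME PEER: create NAME's key pair, export its certificate and
# import that certificate into PEER's truststore.
make_side() (
  name=$1; peer=$2; entry="${1}X509v1"
  kt -genkeypair -alias "$entry" -keyalg RSA -keysize 2048 -validity 3650 \
     -dname "CN=$name.example.test" -keypass:env STOREPASS \
     -keystore "$name-keystore.jks" || exit 1
  kt -exportcert -alias "$entry" -file "$name-certfile.cer" \
     -keystore "$name-keystore.jks" || exit 1
  kt -importcert -noprompt -alias "$entry" -file "$name-certfile.cer" \
     -keystore "$peer-truststore.jks" || exit 1
)

# pem STORE ALIAS: print only the PEM body of the certificate under ALIAS.
pem() {
  kt -exportcert -rfc -alias "$2" -keystore "$1" 2>/dev/null |
    sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p'
}

# same_cert KEYSTORE TRUSTSTORE ALIAS: succeed only if both stores hold the
# same certificate under ALIAS (a missing entry counts as a mismatch).
same_cert() (
  a=$(pem "$1" "$3"); b=$(pem "$2" "$3")
  [ -n "$a" ] && [ "$a" = "$b" ]
)

build_mtls_stores() {
  make_side client server && make_side server client &&
  same_cert client-keystore.jks server-truststore.jks clientX509v1 &&
  same_cert server-keystore.jks client-truststore.jks serverX509v1
}

# Runs only when a password has been exported, e.g. `export STOREPASS=...`
if [ -n "${STOREPASS:-}" ]; then build_mtls_stores; fi
```
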

Additional links:

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://shib.kuleuven.be/docs/ssl_commands.shtml

http://blogs.sun.com/swchan/entry/how_to_use_verisign_cert