Generate jks file in Java
A Java KeyStore (JKS)
is a repository of security certificates. If you install Java, open command
prompt and type “keytool” You will get help like following.
$ keytool Key and Certificate Management Tool Commands: -certreq Generates a certificate request -changealias Changes an entry's alias -delete Deletes an entry -exportcert Exports certificate -genkeypair Generates a key pair -genseckey Generates a secret key -gencert Generates certificate from a certificate request -importcert Imports a certificate or a certificate chain -importpass Imports a password -importkeystore Imports one or all entries from another keystore -keypasswd Changes the key password of an entry -list Lists entries in a keystore -printcert Prints the content of a certificate -printcertreq Prints the content of a certificate request -printcrl Prints the content of a CRL file -storepasswd Changes the store password of a keystore Use "keytool -command_name -help" for usage of command_name
Use following command
to create jks file.
keytool -genkey
-alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks
$ keytool -genkey -alias certificate1 -keyalg RSA -validity 7 -keystore keystore.jks Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Hari Krishna Gurram What is the name of your organizational unit? [Unknown]: Self learn Java What is the name of your organization? [Unknown]: Self learn Java What is the name of your City or Locality? [Unknown]: Bangalore What is the name of your State or Province? [Unknown]: Karnataka What is the two-letter country code for this unit? [Unknown]: IN Is CN=Hari Krishna Gurram, OU=Self learn Java, O=Self learn Java, L=Bangalore, ST=Karnataka, C=IN correct? [no]: y Enter key password for <certificate1> (RETURN if same as keystore password):
keytool takes some
information from you and generates certificate.
Extract public key from certificate
Use following command
to extract public key from certificate.
keytool -export -alias
certificate1 -keystore keystore.jks -rfc -file public.cert
$ keytool -export -alias certificate1 -keystore keystore.jks -rfc -file public.cert Enter keystore password: Certificate stored in file <public.cert> $ cat public.cert -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4xEjAQBgNV BAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYDVQQKEw9TZWxmIGxlYXJuIEph dmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEcMBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJh bTAeFw0xNTA3MDMwNzA5MTlaFw0xNTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UE CBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2 YTEYMBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEgR3VycmFt MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU6r4+oYS77YJCLlhPBuxt 23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+qlxftYYcd8+EQp3AqT+mFc5bWy+ZwLG1Iy Uyh+eXLVYiv3FemM3YpKQidRGzbzizso3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95G S3uscWPkE6kn6Gou2FXuGNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOr V/Ad4olXQcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4nApG A89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIwDQYJKoZIhvcNAQEL BQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83e0m4qKBVPu0tdEbcLBru+5yvDcd9 sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqevGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWM H3m375fyRdS7mWDlPBJG8gA1Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzb UqlcLycohTOnh6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw 1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I= -----END CERTIFICATE-----
Extract private key from certificate
Step 1: Generate p12 file
$ keytool -v
-importkeystore -srckeystore keystore.jks -srcalias certificate1 -destkeystore
myp12file.p12 -deststoretype PKCS12
Enter destination
keystore password:
Re-enter new
password:
Enter source keystore
password:
[Storing
myp12file.p12]
Step 2: Extract private key from p12 file.
openssl pkcs12 -in
myp12file.p12 -out private.pem
$ openssl pkcs12 -in myp12file.p12 -out private.pem Enter Import Password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: localhost:~ harikrishna_gurram$ cat private.pem Bag Attributes friendlyName: certificate1 localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30 Key Attributes: <No Attributes> -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,AD864ADA56589C21 aZZCBpITRNMbi3GkaUzD7jv3LzfLKw+PA2GjHU0y/sW8uXpxagyFf3nVBknOBjT6 pwq2K+1knqjx3/M4rVt04JmU6x2midLraTwdtmCtztmtDcL+XgJQG12hlIrSKHqo yQ3Nrx5WZsHwbz8M1nYHMCHW7rIgw+jLkNvIBLGyO4CpZiPKcb32UHqpK1MVA06o fkfDHjfwiWtRLnUpk49RsVHggJUf1DI/cEFeWEkR2O4LEjvSmhFeJMSDdl7xnSYR oKDDpL7ZSHDOEamkPhB5rvCgSUWsEvXnST/2bV5PlfvimbUJMNR38D804/CAPaOh oZiV/exEJ5QZVGSiB3erJQYJwj96Btr9MI4sIuVfrTkIm9QGia9wV9zw3rtbYP7u hddJRtJeuayApt5KUQfWg8GHbbwZYayPFMK7zUmEKMm9VLa1iBzMoiEsLBFToXKJ jWqirfWcjdEoapOhQTOPY6ut+EaFF7dgb+7vv2oJ+e3UPNMZnVU37tWPbHhhAQGk JHU0OsljGNLw3ISe8GkSTzTMu4Or0pPRVoIN/qyRm9LWcBP3ymjp79T4epSbhSH1 duCGeNUD8sZWv0YwffzyjxnpdLtOmxJUCYbl/1u8yxYYyrXvlk/pgkyvo3Ick/uq 37Q65yscmFq25H7mGo5MFqg2imFXdT6Fw1YVRN92+iGWP8XJ7rHjI06+MS8UX1Be 6cqm2ZbF71lNGSW4JzSL5B03qZBI/AdTOFESfoXH2NkTJO/F20zcR6yGy5+jHeyR QKCulaPYGR2W/qpp3j2H6vZTl9ZFJFi4dH0s4LplDS5aS9LNLjL4ZhT8A/Ly3S5O Iij91vnkxSoxB0SSypaNtUsTtTOXg2gEsRtAG8a8z9NbKtYK7NzOA5Yl9jqyry7S zjZTx0aMZHjrVJU6Nw4QEOGrea9yU6gCqfM6Bix2rMEBUaLJjHCFasBn9Yc+OSVd pQRoxZKDIdmzZcFMHiNMDc2nArY5N9qgH06RyKnGFKRzF3k1bwtlVNWZC9ZeKeWj nG9RND9IGauheSNFAZSUXmm1k3R+ZoHCqi08jfBrt1YuX6qwoX1k5FCenM1dJCj8 NakxfthKBENdyQ3seQeDY+LtbZmQQPb61UQu6Q+xvgKD5fMaVk5tUkBGMdppxIpi whih2yZNstU8e/2JuC/e9r1H0t40bqkDvhdxXTZ24n7YfFF4R632nYD/8POyANH5 eySgm7ETIAZJbhGOy8icLOOkUsF8Zb3nFdNzN4BR5P/lCrwEIcpscCTDmNdcJOoJ wTrFAW/VWa+Oh0k9jiOQ0KqNqBTLkG7f4TQOg++y8+bcyW2JsVJOEYeKmMwjO9ZV r0SAqN5XxcwSCTj52j2A2bxMtXg+8XpfgTZnj4HRcWRVaG4ZVPdsLGIEGsaBka91 TDijXNNw9DlVehGBZxoszVYhnPKXIoIXtGISLb5sCybRUruhpiMqyOYOWzttRDZo DoNAeogDV2KHdfgNwSzn9IwCpRGYk44mNgMQtemPO7AHO6VXLtx+9hY0qzEzz6Wh Jn2xN8HbZerLcMmE7ztrn/2mZzN4NErReUdbjhytKIzdfLez9tYgiq95XpBvuwnr -----END RSA PRIVATE KEY----- Bag Attributes friendlyName: certificate1 localKeyID: 54 69 6D 65 20 31 34 33 35 39 31 32 38 38 36 37 37 30 subject=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram issuer=/C=IN/ST=Karnataka/L=Bangalore/O=Self learn Java/OU=Self learn Java/CN=Hari Krishna Gurram -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIEEqEprjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMC SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMRgwFgYD VQQKEw9TZWxmIGxlYXJuIEphdmExGDAWBgNVBAsTD1NlbGYgbGVhcm4gSmF2YTEc MBoGA1UEAxMTSGFyaSBLcmlzaG5hIEd1cnJhbTAeFw0xNTA3MDMwNzA5MTlaFw0x NTA3MTAwNzA5MTlaMIGHMQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWth MRIwEAYDVQQHEwlCYW5nYWxvcmUxGDAWBgNVBAoTD1NlbGYgbGVhcm4gSmF2YTEY MBYGA1UECxMPU2VsZiBsZWFybiBKYXZhMRwwGgYDVQQDExNIYXJpIEtyaXNobmEg R3VycmFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyPKYKFkBcyU 6r4+oYS77YJCLlhPBuxt23hwTXsN2Rf9kJ5WPvwC8hfhiQP/Ck7DTLldufsaK+ql xftYYcd8+EQp3AqT+mFc5bWy+ZwLG1IyUyh+eXLVYiv3FemM3YpKQidRGzbzizso 3sUwbk5Q0BERJ0EBM4Sley0zm2S/LsLED+A7xKMtL95GS3uscWPkE6kn6Gou2FXu GNPxXR7POlnZnE0XSfVH2qS7bzMffGtRm/+vptmdx1qUCXphcgjqGIOrV/Ad4olX QcXNbk8P9pnRK8G55Yf7TMhcs06p0KI6jgtnsdduj8U+vD4uKDuiMU2rmhC4l0N4 nApGA89mOwIDAQABoyEwHzAdBgNVHQ4EFgQUrxIJulLp4tv3kr2TwjH8gUTqfDIw DQYJKoZIhvcNAQELBQADggEBAH5LANqBCJmYHtQlNY+QPGPygGn36r8Dqa8eqn83 e0m4qKBVPu0tdEbcLBru+5yvDcd9sg/m5HW7EU+XLVF43pNQ0szLIH85o3+PpNqe vGXNaZpA4NjOK0aV6AX8pED1cVObvTdvSu8mBNWMH3m375fyRdS7mWDlPBJG8gA1 Ceg3ILcZr9dP2fn4YgNt8hCD4UlJLZS/RIxLud8+a6YWHp1WTpzbUqlcLycohTOn h6WzV+eHv919SonJuejqAfA3pnewGwXFN/wFY7zerAt0VrbiIFw4n7RUjI9YaHIw 1l5RvsZ+zj+1E6VLnw5VGr4QpJCj/d2j2yUj/vaZT4/PP3I= -----END CERTIFICATE-----
Related Articles
No comments:
Post a Comment