Friday, 9 February 2018

Keytool: Create and export self-signed certificate

The ‘keytool’ command, which ships with the Java installation, can generate a self-signed certificate.

keytool -genkey -keyalg RSA -alias mySelfSignedCert -keystore selfSigned.jks -validity <days> -keysize 2048

For example, the command below creates a self-signed certificate with a validity of 365 days.

keytool -genkey -keyalg RSA -alias mySelfSignedCert -keystore selfSigned.jks -validity 365 -keysize 2048

Open a command prompt and generate the self-signed certificate.

C:\Users\krishna>keytool -genkey -keyalg RSA -alias mySelfSignedCert -keystore selfSigned.jks -validity 365 -keysize 2048
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  krishna
What is the name of your organizational unit?
  [Unknown]:  krishna
What is the name of your organization?
  [Unknown]:  krishna
What is the name of your City or Locality?
  [Unknown]:  krishna
What is the name of your State or Province?
  [Unknown]:  krishna
What is the two-letter country code for this unit?
  [Unknown]:  kr
Is CN=krishna, OU=krishna, O=krishna, L=krishna, ST=krishna, C=kr correct?
  [no]:  y

Enter key password for <mySelfSignedCert>
        (RETURN if same as keystore password):
Re-enter new password:

You can now see the ‘selfSigned.jks’ file.

List all the certificates in the .jks file:
keytool -list -v -keystore selfSigned.jks

How to export the certificate from .jks file?
keytool -export -alias aliasName -keystore pathToKeyStoreFile -file pathToCertificateFile

For example, the command below exports the self-signed certificate to the file ‘myCert.cer’.

keytool -export -alias mySelfSignedCert -keystore selfSigned.jks  -file myCert.cer

Once you open the certificate, you will see something like the image below.
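The generate, list and export steps above as one non-interactive script; this is an added example, not part of the original post. It goes beyond the post by passing the password with -storepass:env (so it stays out of the process list) and by checking that the exported file's SHA-256 fingerprint matches the keystore entry and that Owner equals Issuer. The DN values, the KS_PASS variable and the function names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: scripted generate / export / verify for a self-signed certificate.
# DN, password and function names are constructed for this demo.

# Read keytool output on stdin and print the SHA-256 fingerprint it contains.
sha256_of() {
  sed -n 's/.*SHA256:[[:space:]]*\([0-9A-F:]*\).*/\1/p' | head -n 1
}

# make_and_check_cert DIR
# Creates DIR/selfSigned.jks, exports DIR/myCert.cer, then returns 0 only if the
# exported certificate matches the keystore entry and is self-signed.
make_and_check_cert() {
  local dir=$1
  local kt="keytool -J-Duser.language=en"   # force English labels for parsing
  local ks="$dir/selfSigned.jks" cer="$dir/myCert.cer"
  local in_store in_file owner issuer

  # Constructed demo password; keytool reads it from the environment.
  export KS_PASS=${KS_PASS:-changeit-demo}

  # -dname answers the interactive name/organisation questions up front.
  $kt -genkey -keyalg RSA -keysize 2048 -validity 365 \
      -alias mySelfSignedCert -keystore "$ks" \
      -dname "CN=demo.example, OU=demo, O=demo, L=demo, ST=demo, C=KR" \
      -storepass:env KS_PASS -keypass:env KS_PASS || return 2

  # The exported file holds only the public certificate, never the private key.
  $kt -export -alias mySelfSignedCert -keystore "$ks" \
      -storepass:env KS_PASS -file "$cer" || return 3

  in_store=$($kt -list -v -alias mySelfSignedCert -keystore "$ks" \
                 -storepass:env KS_PASS | sha256_of)
  in_file=$($kt -printcert -file "$cer" | sha256_of)
  owner=$($kt -printcert -file "$cer" | sed -n 's/^Owner: //p')
  issuer=$($kt -printcert -file "$cer" | sed -n 's/^Issuer: //p')

  echo "keystore SHA256: $in_store"
  echo "exported SHA256: $in_file"
  # The exported certificate must be the one stored under the alias.
  [ -n "$in_store" ] && [ "$in_store" = "$in_file" ] || return 4
  # Self-signed: subject (Owner) and Issuer are the same name.
  [ -n "$owner" ] && [ "$owner" = "$issuer" ] || return 5
}

# Usage: make_and_check_cert "$(mktemp -d)"
```

Anyone importing myCert.cer into a trust store should compare the printed SHA-256 fingerprint with the value obtained from the keystore owner over a separate channel, since a self-signed certificate has no issuing CA to vouch for it.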
