Java: Read the keystore file content as base 64 encoded string

In this post, I am going to explain how to read the keystore file content as base 64 encoded string and write the base64 encoded string to a new key store file.

 

To demonstrate the application, let’s create a new keystore file by executing beow command.

keytool -genkey -keyalg RSA -keystore myKeystore.jks -keysize 2048

$keytool -genkey -keyalg RSA -keystore myKeystore.jks -keysize 2048
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  Ram
What is the name of your organizational unit?
  [Unknown]:  hr
What is the name of your organization?
  [Unknown]:  abcCorp
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Ram, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
    for: CN=Ram, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
$

 

Let’s print the content of keystore file.

$keytool -list -keystore myKeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

mykey, 8 Feb 2023, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 7E:2E:8F:1A:6F:94:FA:2A:41:80:0E:39:EA:11:52:2F:A1:64:C0:70:7D:5B:26:3C:39:8A:E6:50:B7:57:60:D6

 

Find the below working application.

 

FileUtil.java

 

package com.sample.app.util;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Base64;

public class FileUtil {

    public static String readFileContentAsBase64EncodedString(String filePath)
            throws FileNotFoundException, IOException {
        byte[] byteContent = getByteArray(filePath);
        byte[] encoded = Base64.getEncoder().encode(byteContent);
        return new String(encoded);

    }

    public static void writeBase64EncodedStringToFile(final String filePath, final String encodedContent) {
        if (encodedContent == null) {
            throw new IllegalArgumentException("encodedContent is null");
        }
        byte[] decocedBytes = Base64.getDecoder().decode(encodedContent.getBytes());
        writeToFile(filePath, decocedBytes);
    }

    public static boolean writeToFile(final String filePath, final byte[] content) {
        if (filePath == null) {
            throw new IllegalArgumentException("filePath is null");
        }

        if (content == null || content.length == 0) {
            throw new IllegalArgumentException("content is null or empty");
        }

        try (FileOutputStream out = new FileOutputStream(filePath);) {
            out.write(content);
        } catch (Exception e) {
            return false;
        }
        return true;

    }

    public static byte[] getByteArray(final String filePath) throws FileNotFoundException, IOException {

        if (filePath == null) {
            throw new IllegalArgumentException("filePath is null");
        }
        try (final FileInputStream fis = new FileInputStream(new File(filePath))) {
            return getByteArray(fis);
        }
    }

    /**
     * Methods which are calling this method are responsible to close the
     * InputStream.
     * 
     * @param inputStream
     * @return
     * @throws IOException
     */
    private static byte[] getByteArray(final InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

        int nRead;
        byte[] data = new byte[16384];

        try {
            while ((nRead = inputStream.read(data, 0, data.length)) != -1) {
                byteArrayOutputStream.write(data, 0, nRead);
            }
        } catch (IOException e) {
            e.printStackTrace();
            if (inputStream != null) {
                inputStream.close();
            }
        }

        return byteArrayOutputStream.toByteArray();
    }

}

 

App.java

package com.sample.app;

import java.io.FileNotFoundException;
import java.io.IOException;

import com.sample.app.util.FileUtil;

public class App {

    public static void main(String[] args) throws FileNotFoundException, IOException {
        String filePath = "/Users/Shared/keystore/myKeystore.jks";

        String encodedString = FileUtil.readFileContentAsBase64EncodedString(filePath);
        System.out.println(encodedString);

        String destinationFilePath = "/Users/Shared/keystore/myKeystore1.jks";
        FileUtil.writeBase64EncodedStringToFile(destinationFilePath, encodedString);
    }
}

Run the above application, you will see a file myKeystore1.jks file is created.

 

Let’s print the content of myKeystore1.jks file to confirm the same.

$keytool -list -keystore myKeystore1.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

mykey, 8 Feb 2023, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 7E:2E:8F:1A:6F:94:FA:2A:41:80:0E:39:EA:11:52:2F:A1:64:C0:70:7D:5B:26:3C:39:8A:E6:50:B7:57:60:D6

Previous                                                 Next                                                 Home

Import a self-signed certificate to java keystore

This post is divided into three sections.

a.   Generate a self-signed certificate

b.   Import the certificate to keystore

c.    Export the public and private keys from the keystore

 

Generate a self-signed certificate

Go to this post, and create a .der file

 

Import the certificate to keystore

 Open terminal and execute below command.

 

keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der

$keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der
Enter keystore password:  
Re-enter new password: 
Owner: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Issuer: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Serial number: fef9fa87f9f94435
Valid from: Wed Feb 08 10:26:36 IST 2023 until: Thu Feb 08 10:26:36 IST 2024
Certificate fingerprints:
     SHA1: 7C:86:63:8B:3B:92:5B:EA:57:DC:B8:F0:FE:40:57:D7:EF:32:13:D6
     SHA256: E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1

Warning:
The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.

Trust this certificate? [no]:  y
Certificate was added to keystore

 

Print the entries in keystore.

keytool -list -keystore myKeystore.jks
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

java-blogspot, 8 Feb 2023, trustedCertEntry, 
Certificate fingerprint (SHA-256): E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37

Export public key for the alias java-blogspot

keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert

$keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert
Enter keystore password:  
Certificate stored in file <public.cert>
$
$
$cat public.cert 
-----BEGIN CERTIFICATE-----
MIIDlDCCAnwCCQD++fqH+flENTANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYD
VQQKDAdhYmNDb3JwMQswCQYDVQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5j
b20xHDAaBgkqhkiG9w0BCQEWDWRlbW9AZGVtby5jb20wHhcNMjMwMjA4MDQ1NjM2
WhcNMjQwMjA4MDQ1NjM2WjCBizELMAkGA1UEBhMCSU4xEjAQBgNVBAgMCUthcm5h
dGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYDVQQKDAdhYmNDb3JwMQswCQYD
VQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5jb20xHDAaBgkqhkiG9w0BCQEW
DWRlbW9AZGVtby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+
DD14AR8oC1z8Jj2EUt7NNTTHVay8V84AeQxjqf5SULDNo428T8h3NaQNwOfpvVlP
zPbln5yit/SCSc5ZHXb2ijdedxcDeBgQn9jjXtoGZAzzjj0s36gMVw8hWJRLnNus
C0vfp7URCc4qvGWD3erktm4hh8IXDgggpOrHNXAdG1NtfUsq7u4Ys6ZUfVWJ0Qd4
PPKZDpGwpfFm07m5PxEJ7DaIMXwJaztdV/ub+DY+R5qzYltMSfNoGcjdL+zWouCh
65rNJC+iYZuh9cp/rb+N16Ln+H8mdt5Z9H/sX/00IftvCtGNyxCK42t+iF0DKiFT
4txB84NA/HvkNtRCtJptAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAA7zpvhg6gxm
ieEFwqOSpdoUtj1b/UrmOq7Viol/PFZrSH4EWQHmIOZGTl+QQfwviZBjgJCzizRK
G+4CQBvpKTZOA1C6hYdxkhkVfdZ2fAAJahz+FuexzQR7FOxPf75Rixiosc87/m91
OVpu/KsJtUiS44cEwGfgz7LUsh6vUYHQnIIGCu2l0byuUBU64KnX1vpuDKwmQ2II
nzbANQ0CFINctgczk63FaadyPbUzUeuxy3fqxMgeIB92QqW536yGRVAOGqZ0aRgL
ouYm43egLnQMnQacHNXxVwfc/lQfoGRx1t9t46+Hu4KaINqnPYgo/my5XOAJZ+98
d+FHjYT0bYE=
-----END CERTIFICATE-----

Note

Just to note, only public key is embedded in the SSL certificate and Private key is stored on the server and kept secret.

 

Previous                                                 Next                                                 Home

Create a self-signed certificate using OpenSSL

In this post, I am going to explain how to create a self-signed certificate using OpenSSL.

 

1. Create a private key

Open terminal and execute below command.

openssl genrsa -des3 -out myDomain.key 2048

 Remove the -des3 option from the command, if you do not want the private key to be encrypted.

 

$openssl genrsa -des3 -out myDomain.key 2048
Generating RSA private key, 2048 bit long modulus
................+++
.............................+++
e is 65537 (0x10001)
Enter pass phrase for myDomain.key:
Verifying - Enter pass phrase for myDomain.key:

 

I set the password as ‘password123’. Upon successful execution of the command, you can see a file ‘myDomain.key’.

$ls
myDomain.key

 

You can see the content of myDomain.key using cat command.

$cat myDomain.key 
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9F0FF2109392340E

yySOZ9KoyDUBF1ecjKdeo9kU3veXhF5W9wG2jsMkRFk0S/Y06OaUkoDNH3TlpNzW
iT2m+05CdyNabJMyk44Th1rrzxYVCmvIkWn/JakdMsomlEydVAZOwnx32uccFYma
fNl5HdnWPFDLC0YdEFNt0LxO5sA15wAkfa+XcD/zVNdMxpvB8v8RHYbVJqJD4hNl
4bvLyQJGpbUNvT5ppAap5waoUXrX6D3ApQaJARD1WcRpalKQ9wCavbSemeccRhGJ
1eJH8KzjWw0c5TWDyNrDhPOGZK7LP9vLZ/gFRkPV05Jhc7yU6+vfmIyLQDwG24i/
4EAFVrDxkd6k7AsXLEbOP9xc+ESEDXy4joov2G2DZ1xtEev5fBAssACt4dOG5WHU
Kabs+WycLqre5A5tidj5XWNFiEsQFJkAZxkM/oSc4i7URcpizN9rOnaJY48IiQyI
SLV5l9Pg163X7PTMQjdx3fnZEdioLovUJ57Uzo4PwcMi1ukauC75750gO5ClKSLe
wi0erOQmIWzJNb+M4vSxQuvd8iEQh3896omN1bf5MvhXqJLEzPKdDR8Re7wRjKs1
g1JJLKT+KFxXKTm13+VykuBoAk/oIJYCuUnSCnqTqtf1YPlU3YQ1NeDgk5vCmu+Q
ovu/4EF1NH5PuHdA1/6zyKQXvR+vlvaXyB0zC5optntVjBwFt39dsqYb0rd+iaws
rNC/s5o3OV/Fm/FlQbjvR4ruXSELg7TBW9oxD93R5iR82xuy3Q3NCOPQMUls9CvC
JipdDzwLc5VHcYFhWUb92Tmez7XiLy8/05ywPCJuAchI/tr77Idqmu/Xjj84Rk5K
BLpvZuLACUv4q5j+YUtkMsqJIQBIxut4wpZHRrLiSZKnbY1wUJFV/KnQKRoe3nYf
toKCMZ4UTH3fbW693iJZ6iA2Z5YsIK6+b4nBH+UKFRe/Duix6CVnjW7DqC1i7INx
Rvf/DlRxECtHMDQQr6qzylbbAWnJiFFZ/Cj9Z1VaBkufj4ki32XXvZMyaBjq01WG
yyYIixq3bnwYiOY/fm9q7Quwy5nRvl5NLdpPgzRb7wlm+Uu0JvPH86a3hf66+WWJ
GmWj8j9p93HHFKCRpj4B+Yk85DYh44kY/E5wKR2+dkrAOUQr/9JmNiWej10AYluK
1rRwzYHv3MvJRAxniuG0fCKJS+uAYRcjabsmdGUaWaUkQb3rtxogrJAHiebTa0Cf
e+EHOdKQDRDWdXZYoEJeAsnMqNfH9Dcy2VCnddBy7US4iourDvqOwUttfP3LEowL
PjWGOzhQnDS5GK3IfRupnSTynry3HNql+80gT7ksBWOwinRWHBk75DZhzN+PDv8V
zqQVoisBv2r7nKeLGq5Ez6R3d2jV99OxflXwVnACOl+eD+u0aLunngoK53KlLju0
/8TtjRNixD8AI5ZhyaTvXu6gT1eFqIxldT6lmQ16ZK1MqlyxyKXEinJmsPRewt1Z
uRyUS0SA2WkxMqatF3J+xXDG9LT0hzDWzVGJA4vFgaaRlEpai5rgqHii576ZVbQw
ewk4MW8ju1r5OHCOWEoSzD2GZaHoYDyyOKa7t+FoerrzShGv0WxEGm5VYCouQ4JA
-----END RSA PRIVATE KEY-----

 

2. Create a certificate signing request.

Open terminal and execute below command.

openssl req -key myDomain.key -new -out myDomain.csr

 .csr file is needed to sign the certificate.

 

$openssl req -key myDomain.key -new -out myDomain.csr
Enter pass phrase for myDomain.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) []:Bangalore
Organization Name (eg, company) []:abcCorp
Organizational Unit Name (eg, section) []:hr
Common Name (eg, fully qualified host name) []:sample-app.com
Email Address []:demo@demo.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password456

 

Now we have two files with us.

$ls
myDomain.csr	myDomain.key

 

I set the password for .csr file as password456.

 

3. Create a self-signed certificate

 

Open terminal and execute below command.

openssl x509 -signkey myDomain.key -in myDomain.csr -req -days 365 -out myDomain.crt

$openssl x509 -signkey myDomain.key -in myDomain.csr -req -days 365 -out myDomain.crt
Signature ok
subject=/C=IN/ST=Karnataka/L=Bangalore/O=abcCorp/OU=hr/CN=sample-app.com/emailAddress=demo@demo.com
Getting Private key
Enter pass phrase for myDomain.key:

 

Upon successful execution of the command, you can see a .crt file.

$ls
myDomain.crt	myDomain.csr	myDomain.key

 

4. View the certificate

Open terminal and execute below command.

openssl x509 -text -noout -in myDomain.crt

$openssl x509 -text -noout -in myDomain.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 18372991616756040757 (0xfef9fa87f9f94435)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IN, ST=Karnataka, L=Bangalore, O=abcCorp, OU=hr, CN=sample-app.com/emailAddress=demo@demo.com
        Validity
            Not Before: Feb  8 04:56:36 2023 GMT
            Not After : Feb  8 04:56:36 2024 GMT
        Subject: C=IN, ST=Karnataka, L=Bangalore, O=abcCorp, OU=hr, CN=sample-app.com/emailAddress=demo@demo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:be:0c:3d:78:01:1f:28:0b:5c:fc:26:3d:84:52:
                    de:cd:35:34:c7:55:ac:bc:57:ce:00:79:0c:63:a9:
                    fe:52:50:b0:cd:a3:8d:bc:4f:c8:77:35:a4:0d:c0:
                    e7:e9:bd:59:4f:cc:f6:e5:9f:9c:a2:b7:f4:82:49:
                    ce:59:1d:76:f6:8a:37:5e:77:17:03:78:18:10:9f:
                    d8:e3:5e:da:06:64:0c:f3:8e:3d:2c:df:a8:0c:57:
                    0f:21:58:94:4b:9c:db:ac:0b:4b:df:a7:b5:11:09:
                    ce:2a:bc:65:83:dd:ea:e4:b6:6e:21:87:c2:17:0e:
                    08:20:a4:ea:c7:35:70:1d:1b:53:6d:7d:4b:2a:ee:
                    ee:18:b3:a6:54:7d:55:89:d1:07:78:3c:f2:99:0e:
                    91:b0:a5:f1:66:d3:b9:b9:3f:11:09:ec:36:88:31:
                    7c:09:6b:3b:5d:57:fb:9b:f8:36:3e:47:9a:b3:62:
                    5b:4c:49:f3:68:19:c8:dd:2f:ec:d6:a2:e0:a1:eb:
                    9a:cd:24:2f:a2:61:9b:a1:f5:ca:7f:ad:bf:8d:d7:
                    a2:e7:f8:7f:26:76:de:59:f4:7f:ec:5f:fd:34:21:
                    fb:6f:0a:d1:8d:cb:10:8a:e3:6b:7e:88:5d:03:2a:
                    21:53:e2:dc:41:f3:83:40:fc:7b:e4:36:d4:42:b4:
                    9a:6d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         0e:f3:a6:f8:60:ea:0c:66:89:e1:05:c2:a3:92:a5:da:14:b6:
         3d:5b:fd:4a:e6:3a:ae:d5:8a:89:7f:3c:56:6b:48:7e:04:59:
         01:e6:20:e6:46:4e:5f:90:41:fc:2f:89:90:63:80:90:b3:8b:
         34:4a:1b:ee:02:40:1b:e9:29:36:4e:03:50:ba:85:87:71:92:
         19:15:7d:d6:76:7c:00:09:6a:1c:fe:16:e7:b1:cd:04:7b:14:
         ec:4f:7f:be:51:8b:18:a8:b1:cf:3b:fe:6f:75:39:5a:6e:fc:
         ab:09:b5:48:92:e3:87:04:c0:67:e0:cf:b2:d4:b2:1e:af:51:
         81:d0:9c:82:06:0a:ed:a5:d1:bc:ae:50:15:3a:e0:a9:d7:d6:
         fa:6e:0c:ac:26:43:62:08:9f:36:c0:35:0d:02:14:83:5c:b6:
         07:33:93:ad:c5:69:a7:72:3d:b5:33:51:eb:b1:cb:77:ea:c4:
         c8:1e:20:1f:76:42:a5:b9:df:ac:86:45:50:0e:1a:a6:74:69:
         18:0b:a2:e6:26:e3:77:a0:2e:74:0c:9d:06:9c:1c:d5:f1:57:
         07:dc:fe:54:1f:a0:64:71:d6:df:6d:e3:af:87:bb:82:9a:20:
         da:a7:3d:88:28:fe:6c:b9:5c:e0:09:67:ef:7c:77:e1:47:8d:
         84:f4:6d:81
$

 

5. Convert the .crt file to .der

The file generated in step 3 is in .pem encoding form. Open terminal and execute below command to get the certificate in .der form.

 

openssl x509 -in myDomain.crt -outform der -out myDomain.der

$openssl x509 -in myDomain.crt -outform der -out myDomain.der
$
$ls
myDomain.crt	myDomain.csr	myDomain.der	myDomain.key

6. Convert the .crt file to .pkcs12

Open terminal and execute below command.

openssl pkcs12 -inkey myDomain.key -in myDomain.crt -export -out myDomain.pfx

$openssl pkcs12 -inkey myDomain.key -in myDomain.crt -export -out myDomain.pfx
Enter pass phrase for myDomain.key:
Enter Export Password:
Verifying - Enter Export Password:
$
$ls
myDomain.crt	myDomain.csr	myDomain.der	myDomain.key	myDomain.pfx

Generate private key and self-signed certificate with one command

Open terminal and execute below command.

openssl req -newkey rsa:2048 -keyout myDomain2.key -x509 -days 365 -out myDomain2.crt

$openssl req -newkey rsa:2048 -keyout myDomain2.key -x509 -days 365 -out myDomain2.crt
Generating a 2048 bit RSA private key
....................+++
.................+++
writing new private key to 'myDomain2.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) []:Bangaore
Organization Name (eg, company) []:hr
Organizational Unit Name (eg, section) []:hr
Common Name (eg, fully qualified host name) []:demo@demo.com
Email Address []:demo@demo.com
$
$
$
$
$ls myDomain2*
myDomain2.crt   myDomain2.key

 

Previous                                                 Next                                                 Home

How to remove the password for a key in keystore?

Set the key password as same as keystore password to remove the password for a key. You can set the password to an alias by executing below command.

keytool -keypasswd  -alias {alias_name} -keystore {key_store}

Previous                                                 Next                                                 Home

How to change the password of a key in keystore?

Syntax

keytool -keypasswd  -alias {alias_name} -keystore {key_store}

 

For example, let’s generate a key by executing below command.

keytool -genkey -keyalg RSA -keystore myKeystore.jks -keysize 2048

$keytool -genkey -keyalg RSA -keystore myKeystore.jks -keysize 2048
Enter keystore password:  
keytool error: java.lang.Exception: Key pair not generated, alias <mykey> already exists
$keytool -genkey -keyalg RSA -keystore myKeystore.jks -keysize 2048 -alias demoKey
Enter keystore password:  
What is your first and last name?
  [Unknown]:  Ram
What is the name of your organizational unit?
  [Unknown]:  hr
What is the name of your organization?
  [Unknown]:  abcCorp
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Ram, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
	for: CN=Ram, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Enter key password for <demoKey>
	(RETURN if same as keystore password):  
Re-enter new password: 

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore myKeystore.jks -destkeystore myKeystore.jks -deststoretype pkcs12".
$

Reset the password of alias demoKey

$keytool -keypasswd  -alias demoKey -keystore myKeystore.jks
Enter keystore password:  
Enter key password for <demoKey>
New key password for <demoKey>: 
Re-enter new key password for <demoKey>: 

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore myKeystore.jks -destkeystore myKeystore.jks -deststoretype pkcs12".

Previous                                                 Next                                                 Home