Monday, June 17, 2013

Using Java keytool: Creating SSL Keys and Certificates

Command to list the contents of a keystore file:
#  keytool -list -keystore cacerts

To write the contents to a file:
# keytool -list -keystore cacerts > /tmp/cacertsContents.txt

To delete an entry from the keystore file:
# keytool -delete -alias myservercer -keystore cacerts

Use the command below on Linux (the same can be done on Windows) to import SSL certificates from one keystore into another keystore using keytool:

# keytool -importkeystore  -destkeystore /usr/java/default/jre/lib/security/cacerts  -srckeystore localhostServerKeystore.jks

On Windows, the same command looks something like this (the destination path contains a space, so it must be quoted):
C:\certs> keytool -importkeystore  -destkeystore "C:\Program Files\Java\jdk1.6.0_24\jre\lib\security\cacerts"  -srckeystore  localhostServerKeystore.jks

This assumes "localhostServerKeystore.jks" is in "C:\certs"; otherwise, provide the full path to your keystore in the command above.

If you get an error like the one below while importing:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>keytool -import -keystore C:\Java\jdk1.6.0_24\jre\lib\security\cacerts -file casRootCAcert.crt
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate

We need to convert the certificate into DER format:
Converting a certificate from binary to DER format:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>openssl x509 -in casRootCAcert.crt -out casRootCAcert.der -outform DER

Importing a DER certificate:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>keytool -import -keystore C:\Java\jdk1.6.0_24\jre\lib\security\cacerts -file casRootCAcert.der
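
The convert-then-import steps above can be wrapped in a check that refuses to import a certificate unless its SHA-256 fingerprint matches a value obtained out of band. This is an added example, not part of the original post; the function names are hypothetical, and it assumes `openssl` and `keytool` are on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post): convert a certificate to DER and
# compare its SHA-256 fingerprint with an out-of-band value before importing
# it into a Java keystore. All function names here are hypothetical.

# cert_to_der IN OUT: write IN to OUT as DER; IN may be PEM or DER.
cert_to_der() {
    openssl x509 -inform PEM -in "$1" -outform DER -out "$2" 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -outform DER -out "$2" 2>/dev/null
}

# cert_sha256 DERFILE: print the SHA-256 fingerprint as uppercase hex, no colons.
cert_sha256() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':'
}

# import_if_expected CERT EXPECTED_FP KEYSTORE ALIAS
# Returns 2 if CERT cannot be parsed as X.509, 3 on fingerprint mismatch,
# otherwise keytool's exit status (keytool prompts for the keystore password).
import_if_expected() {
    der=$(mktemp) || return 1
    if ! cert_to_der "$1" "$der"; then
        echo "not a parseable X.509 certificate: $1" >&2
        rm -f "$der"
        return 2
    fi
    actual=$(cert_sha256 "$der")
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        rm -f "$der"
        return 3
    fi
    rc=0
    keytool -import -alias "$4" -keystore "$3" -file "$der" || rc=$?
    rm -f "$der"
    return "$rc"
}
```

Called as `import_if_expected casRootCAcert.crt <expected-fingerprint> cacerts <alias>`, where the fingerprint and alias are values you supply.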