Command to list out kestore file contains:
# keytool -list -keystore cacerts
To write the contents to a file:
# keytool -list -keystore cacerts > /tmp/cacertsContents.txt
To delete an entry from the keystore file:
# keytool -delete -alias myservercer -keystore cacerts
Using Below command in Linx (Similarly you can achieve it in Windows too) to import ssl certificate from one keystore into another keystore using keytool:
# keytool -importkeystore -destkeystore /usr/java/default/jre/lib/security/cacerts -srckeystore localhostServerKeystore.jks
For windows above can be some thing like this:
C:\certs> keytool -importkeystore -destkeystore C:\Program Files\Java\jdk1.6.0_24\jre\lib\security\cacerts -srckeystore localhostServerKeystore.jks
Assuming " localhostServerKeystore.jks" is at "C:\certs" or accordingly provide the path above for your keystore.
If Get an error like below while importing:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>keytool -import -keystore C:\Java\jdk1.6.0_24\jre\lib\security\cacerts -file casRootCAcert.crt
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate
We need to convert the certificate into DER format:
Converting a certificate from binary to DER format:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>openssl x509 -in casRootCAcert.crt -out casRootCAcert.der -outform DER
Importing a DER certificate:
C:\certs\windowsOpenSSLCerts\tomcat6-CAS-certs>keytool -import -keystore C:\Java\jdk1.6.0_24\jre\lib\security\cacerts -file casRootCAcert.der
No comments:
Post a Comment