0

We need to create an HTTP service that can create and return a certificate signed by a trusted parent certificate. Our initial plan was to use keytool in the bin directory of our JDK in a Servlet using Runtime.exec, but it seems the keytool commands require answers to prompts on the command line.

For example: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 asks a number of questions on the command line.

Our next idea was to use java.security.KeyStore, but I don't see a way to export and persist the store. We will want to keep all our certificates in a jks file. If the web container goes down we definitely need to be able to keep all the PKI artifacts.

Cœur
Lightbeard

2 Answers

1

Since this was one of the top results in Google and I did eventually figure it out, here's the answer.

$ java -version
java version "1.7.0_11"
$ keytool -genkey -keysize 2048 \
  -alias tomcat \
  -keyalg RSA \
  -dname "CN=example.com,OU=MyOrgUnit,O=MyOrg,L=Somewhere,S=State,C=US" \
  -storepass Secret -keypass Secret \
  -keystore keystore.jks

Hope this helps others.

vrillusions
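
An added example, not part of the original answer or of any project's code: it runs the non-interactive keytool command above from Java and then reloads and persists the resulting store with java.security.KeyStore, which is the step the question could not find. Assumptions: keytool is on the PATH; the class name, the SAFE pattern, the KS_PASS variable name and the tomcat-cert alias are hypothetical.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.Collections;
import java.util.regex.Pattern;

public class KeystoreDemo {
    // Assumed allow-list: alias and host name arrive from an HTTP request.
    static final Pattern SAFE = Pattern.compile("[a-z0-9][a-z0-9.-]{0,62}");

    // Runs keytool with the answer's flags so that it never prompts.
    static void genKey(Path jks, String alias, String host, String pass) throws Exception {
        if (!SAFE.matcher(alias).matches() || !SAFE.matcher(host).matches())
            throw new IllegalArgumentException("rejected alias or host");
        // Argument list, no shell: request data cannot inject extra commands.
        ProcessBuilder pb = new ProcessBuilder("keytool", "-genkey",
            "-keysize", "2048", "-keyalg", "RSA", "-alias", alias,
            "-dname", "CN=" + host + ",OU=MyOrgUnit,O=MyOrg,L=Somewhere,S=State,C=US",
            // :env keeps the password out of the process list (keytool, Java 7+).
            "-storepass:env", "KS_PASS", "-keypass:env", "KS_PASS",
            "-storetype", "JKS", "-keystore", jks.toString());
        pb.environment().put("KS_PASS", pass);
        pb.redirectErrorStream(true).redirectOutput(ProcessBuilder.Redirect.INHERIT);
        Process p = pb.start();
        p.getOutputStream().close(); // EOF on stdin: a stray prompt fails, not hangs
        if (p.waitFor() != 0) throw new IOException("keytool failed");
    }

    static KeyStore load(Path jks, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jks)) { ks.load(in, pass); }
        return ks;
    }

    // Persist: write a sibling temp file, then rename it over the old store.
    static void save(KeyStore ks, Path jks, char[] pass) throws Exception {
        Path tmp = jks.resolveSibling(jks.getFileName() + ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) { ks.store(out, pass); }
        Files.move(tmp, jks, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
    }

    public static void main(String[] args) throws Exception {
        Path jks = Files.createTempDirectory("pki").resolve("keystore.jks");
        char[] pass = "Secret".toCharArray(); // sample password taken from the answer
        genKey(jks, "tomcat", "example.com", "Secret");
        KeyStore ks = load(jks, pass);
        ks.setCertificateEntry("tomcat-cert", ks.getCertificate("tomcat")); // in-memory change
        save(ks, jks, pass);
        System.out.println(Collections.list(load(jks, pass).aliases()));
    }
}
```

In a servlet, serialize calls to save per keystore file so that concurrent requests do not overwrite each other's entries.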
0

Try Portecle. If the GUI can't do it, then simply extract the information from the source.

Maarten Bodewes