Stack Overflow
Stack Overflow

Questions tagged [keytool]

Key and Certificate Management Tool: manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.

Keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.

1325 questions
19
votes
2 answers

Generate certificates, public and private keys with Java

I'm looking for a java library or code to generate certificates, public and private keys on the fly without to use third party programs (such as openssl). I think something that is doeing keytool+openssl but from Java code. Consider a java servlet…
PeterMmm
  • 24,152
  • 13
  • 73
  • 111
19
votes
5 answers

keytool - see the public and private keys

I created Java keystore programmatically of type jks (i.e. default type). It is initially empty so I created a DSA certificate. keytool -genkey -alias myCert -v -keystore trivial.keystore How can I see the public and private keys? I.e. is there a…
Cratylus
  • 52,998
  • 69
  • 209
  • 339
19
votes
1 answer

I'm having trouble getting SHA1 certificate with keytool

I'm trying to find the SHA1 hash of my signature key store on macos sierra using the following comand: keytool -exportcert -alias androiddebugkey -keystore $HOME/.android/debug.keystore -list -v -storepass android The result looks like…
Jeilson Araujo
  • 191
  • 1
  • 1
  • 4
19
votes
1 answer

How to create CSR with SANs using keytool

I'd like to ask whether it is possible to create CSR that contains SAN records. I created keystore as keytool -genkeypair -keyalg RSA -keysize 2048 -alias testAlias -ext SAN=dns:test.example.com -keystore test.jks -storetype JKS -dname "CN=test" I…
Betlista
  • 10,327
  • 13
  • 69
  • 110
19
votes
3 answers

Java Keystore password pointless?

What exactly is the sense behind a Keystore password, eg on JKS/BKS keystores? It is obviously NOT for security, because i can open the file with an editor and copy all entries into new files without passwordcheck. Data inside a passwordprotected…
billdoor
  • 1,999
  • 4
  • 28
  • 54
18
votes
4 answers

Android signing error: trusted certificate entries are not password-protected

Got a certificate to sign the android unsigned release apk files, So I imported the cer using command: keytool -import -alias alias_name -file cer_name.cer -storepass changeit -keystore my_keystore.keystore But when signing the app with android…
Sanjay Singh
  • 231
  • 1
  • 3
  • 11
18
votes
1 answer

Unable to import .p12 keystore

I created a .p12 keystore using openssl from a pkcs8 keystore. Now I'm trying to import the private key using java Keytool into a new JKS keystore. I tried the command: keytool -importkeystore -srckeystore newKS.p12 -srcstoretype pkcs12 …
Amir_Af
  • 576
  • 6
  • 22
18
votes
2 answers

How to convert trust certificate from .jks to .pem?

I have a Java SSL server to which I want my Java SSL client and C++ SSL client to be able to connect. The Java client connects without issues. Now I want to have my C++ SSL client to be able to connect. So for this purpose ,I imagined, that I want…
driftwood
  • 2,051
  • 4
  • 21
  • 28
17
votes
2 answers

How to create a certificate chain using keytool?

I want to create certificate chain in java as follows: ca.mycompany.com |--asia.mycompany.com |--india.mycompany.com where ca.mycompany.com is a root certificate (self signed). I know this is possible with OpenSSL. But is it possible to to…
Tamal Kanti Nath
  • 914
  • 2
  • 10
  • 18
17
votes
1 answer

Difference between Entry Type "keyEntry" and "trustedCertEntry" in a keystore

I don't have much knowledge in this area, but i have still tried to do things by googling. Here is the problem i am facing. Case 1(Works): I have a CA signed certificate and i would like to use it in my Web Application. I first created a keystore. I…
bluefoggy
  • 961
  • 1
  • 9
  • 23
16
votes
6 answers

cannot find keytool on a mac

I am trying to find my keytool so that I can make keys to sign my app and to register for the google maps api I'm beginning to think that I don't actually have it on my machine If anyone could help point me in the right direction that would be great
Ian
  • 1,490
  • 6
  • 24
  • 39
16
votes
2 answers

Convert an old style .p12 to .pem (unsupported algorithm RC2-40-CBC)

There seem to exist still some tools which generate private keys encrypted with RC2-40-CBC Although I'm able to export it to a new key store using keytool -importkeystore it seems that I can't get rid of this algorithm. How to convert them to PEM…
erny
  • 1,296
  • 1
  • 13
  • 28
16
votes
1 answer

Generate a key with keytool, in a non-interactive way

When I'm using: "C:\Program Files\Java\jdk1.8.0_151\bin\keytool.exe" -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app then an interactive process begins which asks name, password, etc. Is there a way to…
Basj
  • 41,386
  • 99
  • 383
  • 673
16
votes
5 answers

keytool -genkey error: Keystore file does not exist

I try to create a new self certified keystore file The command I use is: keytool -genkey -selfcert -dname "cn=My Name, ou=Orga unit" -alias selfcertified -keypass somepass -keystore keystore.jks -storepass anotherpass -validity 365 but I always get…
Chris Friedl
  • 163
  • 1
  • 1
  • 4
16
votes
2 answers

how to change PKCS12 keystore password using keytool?

I cannot change PKCS keystore password using keytool (java 8). When I tried to change the key password: keytool -keypasswd -keystore keystore.p12 -storetype PKCS12 -storepass oldpass -keypass oldpass -new newpass keytool error:…
Tamal Kanti Nath
  • 914
  • 2
  • 10
  • 18
1 2 3
88 89