Generate Private Key Using Keytool

To use keytool to create a server certificate, run keytool to generate a new key pair in the default development keystore file, keystore.jks. This example uses the alias server-alias to generate a new public/private key pair and wrap the public key into a self-signed certificate inside keystore.jks. Keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.

  • Use the same alias as the private key so that the certificate is associated with it. The alias here must match the alias of the private key in the first command: keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks
  • Jul 01, 2019 How to query and verify your keystores with the keytool command. Create private key and keystore. To get started, the first thing we need to do is create a private key keystore. This is going to be a file on your filesystem, and I'm going to name mine privateKey.store. To create this “private key keystore,” run the following keytool command.
  • Export/import commands We'll use the keytool -export command to extract the public key into a file, and then use the keytool -import command to insert it into a new keystore. Here's the command to extract the client's public key: keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass clientpw.

When you are working with Java applications and Java-based servers, you may need to configure a Java keystore (JKS) file. A self-signed keystore can easily be created with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a keystore with just one keytool command.

Steps to generate self-signed PKCS#12 SSL certificate and export its keys:

1- Create PKCS#12 keystore (.p12 or .pfx file)

  • myKeystore.p12 = keystore filename. It can have a .pfx extension as well.
  • MY_PASSWORD = password used for the keystore and the private key as well.
  • CN = commonName, it will be shown as the certificate name in the certificates list.
  • OU = organizationUnit, department name for example.
  • O = organizationName, the company name.
  • L = localityName, the city.
  • S = stateName, the state.
  • C = country, the 2-letter code of the country.

Note: This step can be done using openssl but it's more complicated.

2- Create the public certificate (has the header -----BEGIN CERTIFICATE-----):

Using keytool:

Or using openssl:

Note: Import public-certificate.pem into browsers to trust it. Add it to 'Trusted Root Certification Authorities' certificate store.

3- Export the private key (has the header -----BEGIN PRIVATE KEY-----):

4- Export the public key from the private key (has the header -----BEGIN PUBLIC KEY-----):
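
Steps 1 to 4 as shell functions, added here as an example and not taken from the original page. The KS_PASS environment variable (standing in for MY_PASSWORD), the alias, the function names, the private-key.pem and public-key.pem file names and the 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example. KS_PASS, the alias, the output file names other than
# public-certificate.pem, and the 365-day validity are assumptions.
# The password comes from the environment (keytool -storepass:env, openssl
# -passin env:) so it does not show up in the process list.

# keytool requires a comma inside a DN value to be written as "\,".
esc() { printf '%s' "$1" | sed 's/,/\\,/g'; }

# build_dname CN OU O L ST C  -> string for keytool -dname
# (the state attribute is written ST, its standard X.500 short name)
build_dname() {
    case "$6" in
        [A-Za-z][A-Za-z]) ;;
        *) echo "C must be a 2-letter country code" >&2; return 1 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
        "$(esc "$1")" "$(esc "$2")" "$(esc "$3")" "$(esc "$4")" "$(esc "$5")" "$6"
}

# Step 1: make_keystore KEYSTORE ALIAS DNAME
make_keystore() {
    keytool -genkeypair -keystore "$1" -storetype PKCS12 -storepass:env KS_PASS \
        -alias "$2" -keyalg RSA -keysize 2048 -validity 365 -dname "$3"
}

# Steps 2-4: export_pems KEYSTORE ALIAS OUTDIR
export_pems() (
    umask 077   # the private key file must not be readable by other users
    keytool -exportcert -keystore "$1" -storetype PKCS12 -storepass:env KS_PASS \
        -alias "$2" -rfc -file "$3/public-certificate.pem" &&
    openssl pkcs12 -in "$1" -passin env:KS_PASS -nodes -nocerts |
        openssl pkey -out "$3/private-key.pem" &&
    openssl pkey -in "$3/private-key.pem" -pubout -out "$3/public-key.pem"
)

# Usage (after exporting KS_PASS):
#   make_keystore myKeystore.p12 myalias "$(build_dname ...)" &&
#       export_pems myKeystore.p12 myalias .
```

private-key.pem is written unencrypted, so keep it out of backups and version control, or drop step 3 when only the certificate and public key are needed.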