Keytool is the certificate management tool for Java.

Creating a CSR Example#

Though these examples show using the Windows platform the only difference is in the path names.

You need to specify your desired values for:

  • Path values for all commands and locations.
  • servername - The Alias of the certificate you are going to use.
  • hostname.jks - The KeyStore you are going to use.
  • hostname.csr - The file name of the CSR you generate.
  • mydomain.crt - The CA Certificate Name
  • mydomain - The CA Alias for the CA Certificate
  • dname - replace the "CN=hostname,OU=IT, O=services.willeke.biz LLP, L=Butler, ST=Ohio, C=US" with desired values

Generate the KeyStore#

If you do not already have a Java KeyStore, you will need to create one:

"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -genkey -alias servername -keyalg RSA -keysize 2048 -keystore hostname.jks -dname "CN=hostname,OU=IT, O=services.willeke.biz LLP, L=Butler, ST=Ohio, C=US"

Generate the CSR#


"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -certreq -alias servername -file hostname.csr -keystore hostname.jks 
Your keystore file is %HOMEPATH%\hostname.jks.

Your CSR file is %HOMEPATH%\hostname.csr.

Install the TRUSTED CA#


"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -trustcacerts -alias mydomain -file mydomain.crt -keystore hostname.jks

Intermediate CAs#

If there are Intermediate CAs, they also need to be installed:
"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias intermed -keystore hostname.jks -trustcacerts -file <name of the intermediate certificate>

Import your hostname certificate #

The CA and all Intermediate CAs must be installed before you import your Certificate.
"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias servername -file servername  -keystore hostname.jks

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-5) was last changed on 21-Jan-2017 11:08 by jim