Overview#
Keytool is the certificate management tool for Java.Normally you would on perform this on Server or a Client that is required to present a Certificate
Creating a CSR Example#
Though these examples show using the Windows Client Operating System the only difference is in the path names.You need to specify your desired values for:
- Path values for all commands and locations.
- servername - The Certificate Alias of the certificate you are going to use.
- hostname.jks - The Keystore you are going to use.
- hostname.csr - The file name of the CSR you generate.
- mydomain.crt - The Trust Anchor (Root Certificate) Name
- mydomain - The Trust Anchor Certificate Alias for the Trust Anchor
- dname - replace the "CN=hostname,OU=IT, O=services.willeke.biz LLP, L=Butler, ST=Ohio, C=US" with desired values
Generate the KeyStore#
If you do not already have a Java KeyStore, you will need to create one:%HOMEDRIVE% cd %HOMEPATH% "C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -genkey -alias servername -keyalg RSA -keysize 2048 -keystore hostname.jks -dname "CN=hostname,OU=IT, O=services.willeke.biz LLP, L=Butler, ST=Ohio, C=US"
Generate the CSR#
%HOMEDRIVE% cd %HOMEPATH% "C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -certreq -alias servername -file hostname.csr -keystore hostname.jksYour keystore file is %HOMEPATH%\hostname.jks.
Your CSR file is %HOMEPATH%\hostname.csr.
Install the TRUSTED CA#
%HOMEDRIVE% cd %HOMEPATH% "C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -trustcacerts -alias mydomain -file mydomain.crt -keystore hostname.jks
Intermediate Certificates #
If there are Intermediate Certificates, they also need to be installed into the:"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias intermed -keystore hostname.jks -trustcacerts -file <name of the intermediate certificate>
Import your hostname certificate #
The CA and all Intermediate CAs must be installed before you import your Certificate."C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias servername -file servername -keystore hostname.jks