Keytool is the certificate management tool for Java.

Normally you would on perform this on Server or a Client that is required to present a Certificate

Creating a CSR Example#

Though these examples show using the Windows Client Operating System the only difference is in the path names.

You need to specify your desired values for:

Generate the KeyStore#

If you do not already have a Java KeyStore, you will need to create one:

"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -genkey -alias servername -keyalg RSA -keysize 2048 -keystore hostname.jks -dname "CN=hostname,OU=IT, O=services.willeke.biz LLP, L=Butler, ST=Ohio, C=US"

Generate the CSR#


"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -certreq -alias servername -file hostname.csr -keystore hostname.jks 
Your keystore file is %HOMEPATH%\hostname.jks.

Your CSR file is %HOMEPATH%\hostname.csr.

Install the TRUSTED CA#


"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -trustcacerts -alias mydomain -file mydomain.crt -keystore hostname.jks

Intermediate Certificates #

If there are Intermediate Certificates, they also need to be installed into the:
"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias intermed -keystore hostname.jks -trustcacerts -file <name of the intermediate certificate>

Import your hostname certificate #

The CA and all Intermediate CAs must be installed before you import your Certificate.
"C:\Program Files\Java\jdk1.8.0_20\bin\keytool" -import -alias servername -file servername  -keystore hostname.jks

More Information#

There might be more information for this subject on one of the following: