Jan 17, 2019 In this tutorial, we demonstrate how to extract a private key from the Java KeyStore (JKS) in your projects using OpenSSL and Keytool. Generate self-signed PKCS#12 SSL certificate and export its keys using Java keytool and openssl. ssl-certs.md. 4- Export the public key from the private key. I'm reading about using the keytool command to generate a certificate from the oracle guide.The part I don’t understand is it says after running the command keytool -genkey., it creates a public/private key. Export public key certificate from a keystore The following command exports the public key certificate created in section 'Generate a public/private key pair and a self-signed certificate' to a binary file myserverkey.der: keytool -exportcert -alias myserverkey -file myserverkey.der -storetype JCEKS -keystore mystore.jck -storepass mystorepass. The exported certificate does not contain the private key. The private key remains in the keystore. You seem to be using a long-hand way to copy the keystore. Just copy the keystore to the server. In fact it should already be at the server, otherwise you have a risk of leaking the private key.
By default, the keytool utility creates a keystorefile in the directory where the utility is run.
Before You Begin
To run the keytool utility, your shell environmentmust be configured so that the J2SE /bin directory is inthe path, otherwise the full path to the utility must be present on the commandline.
Change to the directory that contains the keystore and truststorefiles.
Always generate the certificate in the directory containingthe keystore and truststore files. The default is domain-dir/config.
Generate the certificate in the keystore file, keystore.jks,using the following command format:
Use any unique name as your keyAlias. Ifyou have changed the keystore or private key password from the default (changeit), substitute the new password for changeit.The default key password alias is s1as.
A prompt appears that asks for your name, organization, and other information.
Export the generated certificate to the server.cer file(or client.cer if you prefer), using the following commandformat:
If a certificate signed by a certificate authority is required,see To Sign a Certificate by Using keytool.
Create the cacerts.jks truststore file andadd the certificate to the truststore, using the following command format:
If you have changed the keystore or private key password from the default(changeit), substitute the new password.
Information about the certificate is displayed and a prompt appearsasking if you want to trust the certificate.
Type yes, then press Enter.
Informationsimilar to the following is displayed:
To apply your changes, restart GlassFish Server. See To Restart a Domain.
Example 11–10 Creating a Self-Signed Certificate in a JKS Keystore by Using an RSAKey Algorithm
Generate Public Key And Private Key Using Keytool Key
RSA is public-key encryption technology developed by RSA Data Security,Inc.
Example 11–11 Creating a Self-Signed Certificate in a JKS Keystore by Using a DefaultKey Algorithm
Example 11–12 Displaying Available Certificates From a JKS Keystore
Example 11–13 Displaying Certificate information From a JKS Keystore
See Also
For more information about keytool, see the keytool reference page.
Related Topics:
'keytool -genkeypair' Command Examples - Generate Key Pair How to use the 'keytool -genkeypair' command? I want to generate a pair of public key and private key for myself. Here is an example of using 'keytool -genkeypair' command to generate a pair of public key and private key for yourself: C:Usersfyicenter>'Program Filesjavajre7binkeytool' -genkey... 2012-07-19, 17350?, 0?
'keytool -exportcert' Command Examples - Exporting Certificate How to use the 'keytool -exportcert' command? I want to export a certificate out of a keystore file and send it to someone else. Here is an example of using 'keytool -exportcert' command to export the self-signed certificate in the '2ndkey' entry from the default keystore file: C:Usersfyicenter>'... 2012-07-19, 16396?, 0?
Private Key Definition
Java 'keytool -genkeypair' Command Options What options are supported by the 'keytool -genkeypair' command? Java Keytool can be used to generate a pair of public key and private key with the 'keytool -genkeypair' command, which supports the following options: C:Usersfyicenter>'Program Filesjavajre7binkeytool' -genkeypair -help keytool... 2012-07-19, 13381?, 0?
Generate Rsa Public Private Key
Help on Using the Java Keytool Command How to get help on using the Java Keytool command? I have never used Keytool before. If you are new to the Java Keytool, you should first read the documentation: keytool - Key and Certificate Management Tool. Java Keytool is a command line tool. You need to run it from a command line window using th... 2012-07-19, 11571?, 0?
Private Key Bitcoin
Java 'keytool -exportcert' Command Options What options are supported by the 'keytool -exportcert' command? Java Keytool can be used to export a single certificate out of a key store file with the 'keytool -exportcert' command which supports the following options: C:Usersfyicenter>'Program Filesjavajre7binkeytool' -exportcert -help ke... 2012-07-19, 8676?, 0?