The keytool command in Java is a tool for managing certificates in a keyStore and trustStore, which store the certificates required during the SSL handshake. You can do many things with keytool, but the most common operations are viewing the certificates stored in a keystore, importing new certificates into a keyStore, and deleting certificates from a keystore. For those who are not familiar with keyStore, trustStore and SSL setup for Java applications, here is a brief overview of what a trustStore and keyStore are in Java. Both the trustStore and the keyStore store certificates signed by a signing authority or CA (Certificate Authority), with the keyStore additionally storing the client's personal certificate, which is used for client authentication during the SSL handshake if it is enabled. In this article we will see some basic examples of the keytool command in Java: finding how many certificates we have in a keyStore, viewing those certificates, adding new certificates and deleting old certificates from a keyStore or trustStore.
How to use the keytool command in Java
Make sure PATH is set correctly for Java. If PATH is not set properly, the shell will complain that it is not able to find the keytool command. Don't worry, you just need to add the JAVA_HOME/bin directory to your PATH to get the keytool command working.
keytool command to find how many certificates are in a keyStore:
This is the first example of the keytool command, which shows how many certificates are stored in a trustStore or keyStore file:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
trustcenterclass2caii, 07/01/2008, trustedCertEntry,
The keytool command above shows that the default keystore jssecacerts, which comes with the JRE and is present in the JAVA_HOME directory at JAVA_HOME/jre/lib/security, has 81 certificates in it, and that the keyStore type is JKS, which stands for Java Key Store. One of those certificates is from DigiCert.
Now if you want to see the details of the certificates, e.g. the Common Name (CN) and other attributes, you can use the following keytool command to view details of the certificates stored in a keyStore in Java:
keytool command to view certificate details from a keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -v -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 81 entries
Alias name: digicertassuredidrootca
Creation date: 07/01/2008
Entry type: trustedCertEntry
Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Thu Nov 09 20:00:00 VET 2006 until: Sun Nov 09 19:30:00 VET 2031
Certificate fingerprints:
MD5: 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
Signature algorithm name: SHA1withRSA
Version: 3
Now if you want to import a certificate into this keystore, you can use the following keytool command:
keytool command for adding a certificate to a keystore and trustStore:
keytool -import -alias adding_certificate_keystore -file self.cer -keystore jssecacerts
This will print the certificate details and prompt you to accept the certificate. Once you confirm by typing Yes, the certificate will be added to your keyStore. For verification purposes you can re-run the previous keytool command to get the total number of certificates in the keystore. For example, if we run the following keytool command, it should print 82 certificates in the keyStore:
test@nykdev32:/cygdrive/c/Program Files/Java/jdk1.6.0_26/jre/lib/security keytool -list -keystore jssecacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 82 entries
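The entry count confirms that something was added, but not which alias or which certificate. The following added example (not part of the original article) compares two saved keytool -list listings entry by entry, so any unexpected trusted certificate stands out; the function names ks_entries and ks_diff, the second sample entry's date and its fingerprint are assumptions made for illustration.

```shell
# Added example (not from the article). ks_entries reads `keytool -list` output
# on stdin and prints sorted rows: alias<TAB>entryType<TAB>ALG=fingerprint
ks_entries() {
    awk '
        /Entry,[ \t]*$/ {                      # "alias, date, entryType,"
            line = $0
            sub(/,[ \t]*$/, "", line)
            n = split(line, f, /,[ \t]*/)      # the date may contain commas
            alias = f[1]; type = f[n]
        }
        /^Certificate fingerprint \(/ && alias != "" {
            fp = $0
            sub(/^Certificate fingerprint \(/, "", fp)
            sub(/\):[ \t]*/, "=", fp)          # "MD5): 87:.." -> "MD5=87:.."
            printf "%s\t%s\t%s\n", alias, type, fp
            alias = ""
        }
    ' | LC_ALL=C sort
}

# ks_diff BEFORE AFTER: compare two saved listings. "+" rows were added, "-"
# rows removed; a certificate replaced under one alias shows as "-" and "+".
ks_diff() {
    b=$(mktemp) && a=$(mktemp) || return 1
    ks_entries < "$1" > "$b"
    ks_entries < "$2" > "$a"
    LC_ALL=C comm -13 "$b" "$a" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$b" "$a" | sed 's/^/- /'
    rm -f "$b" "$a"
}

# Constructed listing in keytool's format; this entry is the one shown above.
sample_before() {
    cat <<'EOF'
Keystore type: JKS
digicertassuredidrootca, 07/01/2008, trustedCertEntry,
Certificate fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
EOF
}

# The same store after the import; date and fingerprint are placeholders.
sample_after() {
    sample_before
    printf '%s\n' 'adding_certificate_keystore, 07/02/2008, trustedCertEntry,' \
        'Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
}

# Demo: prints the single "+" row for the imported alias.
d=$(mktemp -d); sample_before > "$d/before"; sample_after > "$d/after"
ks_diff "$d/before" "$d/after"; rm -rf "$d"
```

With a real store, save the output of keytool -list -keystore jssecacerts to a file before and after the import and pass the two files to ks_diff.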
Another useful keytool command option is -printcert, which prints the details of a certificate stored in a .cer file:
keytool -printcert -file test.cer
That's all on some basic keytool command examples for viewing and adding certificates into a keystore and trustStore in Java. I still prefer a GUI tool for creating keystores and managing certificates, but keytool is a good option because it comes with the JDK installation and is available in most places.