Commonly Used Keytool/OpenSSL Commands

keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication.

Convert JKS to PKCS12

keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

Get Private Key from Keystore

keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

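openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem

Note: -nodes writes the private key to key.pem unencrypted. Restrict the file's permissions, or omit -nodes so that openssl prompts for a passphrase to encrypt the key.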

Get Keystore from Private Key and PEM Certificate

openssl pkcs12 -export -inkey privatekey.pem -in cert.pem -name mycert -out keystore.p12
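A check worth running around "Get Private Key from Keystore" and "Get Keystore from Private Key and PEM Certificate": confirm that the key and certificate actually belong together before bundling, and that the key extracted from the bundle still matches. This script is an added example, not part of the original page; the functions key_matches_cert and roundtrip_check, the password and the throwaway self-signed certificate are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). File names mirror the page's
# commands; the password and the CN are constructed throwaway values.

# Return 0 when the private key in $1 and the certificate in $2 carry the
# same public key. Assumes an unencrypted key file (otherwise add -passin).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Build a PKCS12 bundle from a key and certificate, extract the key again,
# and verify at each step that key and certificate still belong together.
roundtrip_check() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        umask 077   # -nodes below writes keys unencrypted: keep them owner-only
        pass='pass:constructed-demo-only'
        # Throwaway key and self-signed cert standing in for privatekey.pem / cert.pem
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost1" \
            -keyout privatekey.pem -out cert.pem 2>/dev/null || exit 2
        # An unrelated key must be rejected, or the check proves nothing
        openssl genrsa -out other.pem 2048 2>/dev/null || exit 2
        key_matches_cert privatekey.pem cert.pem || exit 1
        if key_matches_cert other.pem cert.pem; then exit 1; fi
        # Same export and extraction commands as on the page, made non-interactive
        openssl pkcs12 -export -inkey privatekey.pem -in cert.pem -name mycert \
            -out keystore.p12 -passout "$pass" 2>/dev/null || exit 2
        openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem \
            -passin "$pass" 2>/dev/null || exit 2
        key_matches_cert key.pem cert.pem
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

if roundtrip_check; then
    echo "key and certificate match before and after the PKCS12 round trip"
else
    echo "round trip failed" >&2
fi
```

key_matches_cert returns 1 for a mismatch and 2 when either file cannot be read, so a script can tell a wrong pairing from a missing or encrypted input.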

Import a root or intermediate CA certificate to an existing Java keystore

keytool -v -import -keystore keystore.jks -alias root_ca -file ./cert.pem

Convert PKCS12 to PEM

openssl pkcs12 -in keystore.p12 -out keystore.pem

Generate CSR for SAN Certificate

keytool -genkeypair -keystore keystore.jks -alias localhost1 -keyalg RSA -keysize 2048 -dname "CN=localhost1"

keytool -certreq -keystore keystore.jks -alias localhost1 -sigalg SHA256withRSA -ext san=dns:localhost1,dns:localhost2

Get Keystore from PKCS12

keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12

List Certificate Contents

keytool -list -keystore keystore.jks

keytool -list -v -keystore keystore.jks

Generate Private Key

openssl genrsa -aes256 -out privatekey.pem 2048

Generate CSR (Certificate Signing Request)

openssl req -new -sha256 -key privatekey.pem -out certreq.csr

Get PKCS12 from Private Key and Chain Cert

openssl pkcs12 -export -inkey privatekey.pem -in chain.pem -name mycert -out keystore.p12

