Java KeyTool : Generate JKS KeyStore Using KeyTool and Export Certificate from KeyStore
Java Keytool is a command-line utility that can be used to generate keystores. Afterward, we can export keys and self-signed public certificates from a keystore with the various command options that Java Keytool provides.
In this Java Keytool article, I will explain how to generate a JKS keystore using Java Keytool and then how to export the public certificate from the JKS keystore file using Java Keytool.
Java Keytool Utility
It is a command-line utility that is available as part of the JDK installation, in the bin folder of the JDK installation. Java Keytool is used to create self-signed certificates. This tool provides a variety of options, including creating a keystore, exporting private keys and public certificates from the keystore, and importing certificates into the keystore.
Now we will proceed step by step through creating a keystore and exporting the public certificate from it using Java Keytool.
Java Keytool Step 1: Create JKS File using Java KeyTool
To make a keystore in JKS format, we will use keytool with the -genkey option as below, where we specify the alias, the algorithm to be used, and the name of the keystore file along with the location where it needs to be saved.
keytool -genkey -keyalg RSA -alias mykeystore -keystore mykeystore.jks -storepass 12345678 -validity 360
Each of the
- -genkey : This is the command for generating keys.
- -keyalg RSA : This specifies the algorithm used to generate the keys.
- -alias mykeystore : This indicates the alias to be used in the future to refer to the keystore entry containing the keys that will be generated.
- -keystore mykeystore.jks : This indicates the name of the keystore you are creating or already using. If you do not specify the path, it will be created in the Java installation bin folder.
- -storepass : This value specifies the keystore password.
- -validity 360 : Specifies the number of days that the certificate is to be valid.
You will be asked for various information, including first and last name, name of the organizational unit, organization name, and name of the city, state and country. You will then be asked to confirm that all the provided details are correct.
If you need a different password for the key than the keystore password, you can give an alternate password; otherwise, press Enter and the same password will be used for the keystore and the key.
We have now successfully created a keystore file in JKS format.
Java KeyTool Step 2: Export Certificate from JKS Keystore File
From our generated mykeystore.jks keystore file, we can export the public certificate in .cer format using the command below:
keytool -export -alias mykeystore -file mykeystore.crt -keystore mykeystore.jks -storepass 12345678
The above command will export the public certificate to a file with the name ‘mykeystore.crt’ specified in the -file option. Similarly, if you do not provide -storepass, you will be prompted for the keystore password when running the command, and then the file containing your public certificate will be created.
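The two steps above can also be run without prompts and then checked. The script below is an added example, not part of the original article: it reads the password from an environment variable with -storepass:env so it does not appear in the process argument list, sets -storetype JKS explicitly because JDK 9 and later default to PKCS12, and confirms that the exported file is exactly the certificate stored under the alias. The variable name KS_PASS, the function names and the -dname values are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumes a JDK keytool on PATH and the keystore password in the
# environment variable KS_PASS (hypothetical name, at least 6 characters).

# make_keystore FILE ALIAS: create a JKS keystore with a self-signed RSA key pair.
# -genkeypair is the current name of -genkey; -dname answers the identity prompts.
make_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 360 \
        -alias "$2" -keystore "$1" -storetype JKS \
        -storepass:env KS_PASS -keypass:env KS_PASS \
        -dname "CN=example.test, OU=Constructed, O=Constructed, C=US" \
        </dev/null >/dev/null 2>&1
}

# export_cert FILE ALIAS OUT: write the public certificate as PEM text (-rfc).
# -exportcert is the current name of -export.
export_cert() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1" \
        -storepass:env KS_PASS -file "$3" </dev/null >/dev/null 2>&1
}

# pem_body: read text on stdin and print the certificate's base64 body on one
# line, dropping the BEGIN/END markers and any CR/LF line endings.
pem_body() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
        | grep -v -e '-----' | tr -d '\r\n'
}

# cert_matches_keystore FILE ALIAS CERT: succeed only if CERT is the certificate
# stored under ALIAS and the exported file carries no private key block.
cert_matches_keystore() {
    stored=$(keytool -list -rfc -alias "$2" -keystore "$1" \
        -storepass:env KS_PASS </dev/null 2>/dev/null | pem_body)
    exported=$(pem_body <"$3")
    [ -n "$stored" ] && [ "$stored" = "$exported" ] \
        && ! grep -q 'PRIVATE KEY' "$3"
}
```

After sourcing the file and exporting KS_PASS, run make_keystore mykeystore.jks mykeystore, then export_cert mykeystore.jks mykeystore mykeystore.crt, then cert_matches_keystore with the same three names.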