This post walks through the keytool commands used to create a keystore and to export and import certificates.
On your client machine, find your cacerts file. This is the default Java trust store and is, by default, located at <java-home>/lib/security/certs/cacerts.
<h1><strong>Create private key and keystore</strong></h1>
keytool -genkey -alias ftpKey -keystore mykeystore.store
The output will look like this:
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>keytool -genkey -alias ftpKey -keystore mykeystore.store
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: sagar
What is the name of your organizational unit?
[Unknown]: myfirm
What is the name of your organization?
[Unknown]: testfirm
What is the name of your City or Locality?
[Unknown]: pune
What is the name of your State or Province?
[Unknown]: MH
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN correct?
[no]: Y
Enter key password for <ftpKey>
(RETURN if same as keystore password):
Re-enter new password:
<h1>Generate a temporary certificate file</h1>
$ keytool -export -alias ftpKey -file certfile.cer -keystore mykeystore.store
The output of this command is:
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>keytool -export -alias ftpKey -file certfile.cer -keystore mykeystore.store
Enter keystore password:
Certificate stored in file <certfile.cer>
<h1>Export Certificate</h1>
Now we will export the certificate which we have created.
keytool -export -alias ftpKey -file certfile.cer -keystore mykeystore.store
The output of the above command is:
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>keytool -export -alias ftpKey -file certfile.cer -keystore mykeystore.store
Enter keystore password:
Certificate stored in file <certfile.cer>
You will now be able to see the certfile.cer file in the security folder.
<h1>Import this certificate into a new public keystore</h1>
Now we are going to import this certificate into a public keystore:
keytool -import -alias publicFtpCert -file certfile.cer -keystore mypublicKey.store
It will show the output below:
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>keytool -import -alias publicFtpCert -file certfile.cer -keystore mypublicKey.store
Enter keystore password:
Re-enter new password:
Owner: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Issuer: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Serial number: 50dc8cfe
Valid from: Thu May 21 11:07:34 IST 2015 until: Wed Aug 19 11:07:34 IST 2015
Certificate fingerprints:
MD5: 14:41:AD:6D:A3:EB:30:82:7B:C2:8D:F0:FC:A3:53:E0
SHA1: 81:25:A6:AD:26:A3:98:D4:19:1F:D1:10:8F:5F:89:30:A6:8E:B3:C7
SHA256: 03:24:22:96:32:18:C3:18:BB:44:0A:B0:11:76:49:E1:97:7F:B2:8D:75:7B:99:34:B9:2F:7A:48:AA:81:89:3B
Signature algorithm name: SHA1withDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E9 96 49 8C 29 7E CE E2 6B B2 3E 88 B6 66 E3 41 ..I.)...k.>..f.A
0010: 16 1E 2D 4F ..-O
]
]
Trust this certificate? [no]: Y
Certificate was added to keystore
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>
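The import step above ends by answering Y to "Trust this certificate?". As an added example (not part of the original post), the shell functions below vet the certificate details keytool prints before that answer is given: they compare the SHA256 fingerprint with a value obtained out of band and flag a self-signed certificate or a weak signature algorithm. The names `cert_field` and `vet_cert` are hypothetical; the sample text is copied from the output shown in this post.

```shell
#!/bin/sh
# Added example: vet keytool certificate details before trusting an import.
# Typical use (keytool -printcert prints the same fields for a .cer file):
#   keytool -printcert -file certfile.cer | vet_cert "$EXPECTED_SHA256"

# Sample input, copied from the keytool output shown in this post.
SAMPLE_CERT='Owner: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Issuer: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Certificate fingerprints:
SHA1: 81:25:A6:AD:26:A3:98:D4:19:1F:D1:10:8F:5F:89:30:A6:8E:B3:C7
SHA256: 03:24:22:96:32:18:C3:18:BB:44:0A:B0:11:76:49:E1:97:7F:B2:8D:75:7B:99:34:B9:2F:7A:48:AA:81:89:3B
Signature algorithm name: SHA1withDSA'

# cert_field NAME: print the value of the first "NAME: value" line on stdin.
cert_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Strip colons/spaces and upper-case hex so fingerprints compare reliably.
normalize_fp() {
    tr -d ': ' | tr 'a-f' 'A-F'
}

# vet_cert EXPECTED_SHA256: reads keytool certificate text on stdin, prints
# findings, and returns 0 only when the SHA256 fingerprint matches.
vet_cert() {
    expected=$(printf '%s' "$1" | normalize_fp)
    text=$(cat)
    actual=$(printf '%s\n' "$text" | cert_field SHA256 | normalize_fp)
    owner=$(printf '%s\n' "$text" | cert_field Owner)
    issuer=$(printf '%s\n' "$text" | cert_field Issuer)
    sigalg=$(printf '%s\n' "$text" | cert_field 'Signature algorithm name')
    rc=0
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "FAIL: SHA256 fingerprint does not match the expected value"
        rc=1
    fi
    if [ -n "$owner" ] && [ "$owner" = "$issuer" ]; then
        echo "NOTE: self-signed (Owner equals Issuer); only the fingerprint vouches for it"
    fi
    case "$sigalg" in
        SHA1*|MD5*|MD2*) echo "WARN: weak signature algorithm: $sigalg" ;;
    esac
    return $rc
}
```

Answer Y at the trust prompt only when `vet_cert` returns 0 for a fingerprint received through a separate channel from the certificate file itself.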
<h1>How to view information about a keystore (keytool list)</h1>
$ keytool -list -v -keystore mykeystore.store
You will get the output below:
C:\Program Files\Java\jdk1.7.0_03\jre\lib\security>keytool -list -v -keystore mykeystore.store
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: ftpkey
Creation date: 21-May-2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Issuer: CN=sagar, OU=myfirm, O=testfirm, L=pune, ST=MH, C=IN
Serial number: 50dc8cfe
Valid from: Thu May 21 11:07:34 IST 2015 until: Wed Aug 19 11:07:34 IST 2015
Certificate fingerprints:
MD5: 14:41:AD:6D:A3:EB:30:82:7B:C2:8D:F0:FC:A3:53:E0
SHA1: 81:25:A6:AD:26:A3:98:D4:19:1F:D1:10:8F:5F:89:30:A6:8E:B3:C7
SHA256: 03:24:22:96:32:18:C3:18:BB:44:0A:B0:11:76:49:E1:97:7F:B2:8D:75:7B:99:34:B9:2F:7A:48:AA:81:89:3B
Signature algorithm name: SHA1withDSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E9 96 49 8C 29 7E CE E2 6B B2 3E 88 B6 66 E3 41 ..I.)...k.>..f.A
0010: 16 1E 2D 4F ..-O
]
]
*******************************************
*******************************************