My Java Keytool cheat sheet

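# NOTE: a password given with -storepass on the command line ends up in shell history
# and is visible in the process list. Omit -storepass to have keytool prompt for it,
# or use the -storepass:env / -storepass:file forms. "changeit" is the well-known default
# password of the JDK cacerts truststore; replace it on any keystore that holds private keys.

# List all entries in a JKS
keytool -list -keystore mykeystore.jks -storepass changeit

# List all entries in a PKCS12
# (file name changed to .p12 so it matches -storetype pkcs12)
keytool -list -keystore mykeystore.p12 -storepass changeit -storetype pkcs12

# List detailed information about all entries in a JKS
# (-v prints each certificate's subject, issuer, validity dates and fingerprints)
keytool -list -v -keystore mykeystore.jks -storepass changeit

# Rename an alias in a JKS
keytool -changealias -alias "client01" -destalias "client02" -keystore mykeystore.jks -storepass changeit

# Remove an alias in a JKS
# (the entry, including any private key stored under it, is deleted; keep a backup copy of the keystore)
keytool -delete -alias "client01" -keystore mykeystore.jks -storepass changeit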

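# Create a JKS with a self-signed certificate
# (-genkey is the legacy name of -genkeypair; keytool prompts for the distinguished name.)
# A password given with -storepass is visible in shell history and the process list;
# omit the option to be prompted instead.
keytool -genkey -keyalg RSA -alias client01 -keystore mykeystore.jks -storepass changeit -validity 365 -keysize 2048

# Create a JKS and import certificate from file (if keystore does not exist it will be created)
# (no -alias is given, so the entry is stored under keytool's default alias "mykey")
keytool -keystore mykeystore.jks -storepass changeit -import -file mycertfile.crt

# Import a certificate to trust to a jks
# keytool prints the certificate and asks whether to trust it: compare the fingerprint with a
# value obtained over a separate trusted channel before answering yes, and avoid -noprompt here.
keytool -import -alias server01 -file server01.crt -keystore mykeystore.jks

# Change JKS keystore password
# (keytool prompts for the current and the new password)
keytool -storepasswd -keystore mykeystore.jks

# Change a JKS key's password:
# (<key_name> is a placeholder; it is quoted so the shell does not read < and > as redirections)
keytool -keypasswd  -alias "<key_name>" -keystore mykeystore.jks

# Extract certificate from a jks keystore
# (only the certificate is written, never the private key; add -rfc for PEM instead of binary DER)
keytool -export -keystore mykeystore.jks -alias client01 -file client01.crt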

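# Convert a PKCS12 (p12) certificate to JKS
# Each continued line needs a trailing backslash, otherwise the shell runs
# "keytool -importkeystore" alone and treats the following lines as separate commands.
# The four password options are visible in shell history and the process list; leave them
# out to have keytool prompt for each password instead.
# JKS is a legacy, Java-specific format; prefer PKCS12 unless the consumer requires JKS.
keytool -importkeystore \
  -srckeystore mysourcekeystore.p12 \
  -destkeystore mydestkeystore.jks \
  -srcstoretype PKCS12 \
  -deststoretype JKS \
  -srcstorepass mysourcepassword \
  -deststorepass mydestpassword \
  -srcalias mysourcecertalias \
  -destalias mydestcertalias \
  -srckeypass mysourcekeypassword \
  -destkeypass mydestkeypassword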

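# Convert a JKS keystore to a PKCS12 keystore
# Trailing backslashes join the options into one command. No password options are given,
# so keytool prompts for the source and destination passwords.
# Private keys in the source keystore are copied too: restrict read access to the
# resulting .p12 file (for example chmod 600).
keytool -importkeystore \
  -srckeystore mykeystore.jks \
  -destkeystore mykeystore.p12 \
  -deststoretype pkcs12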

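# Generate a self-signed certificate and put it into a JKS (valid for 720 days)
# Trailing backslashes join the options into one command. keytool prompts for the keystore
# password, the distinguished name and the key password (-genkey is the legacy name of -genkeypair).
# A self-signed certificate has no issuing CA: clients must trust it explicitly, which suits
# test or internal use; for anything else, generate a CSR (keytool -certreq) and have a CA sign it.
keytool -genkey \
  -keyalg RSA \
  -alias server \
  -keystore selfsigned.jks \
  -validity 720 \
  -keysize 2048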

Tested on Red Hat 7 and Java 8
