Return to site
Return to site

Generate Jks File From Crt And Key Using Keytool

broken image


You can use openssl and keytool openssl pkcs12 -export -out domainname.pfx -inkey domainname.key -in domainname.crt -password pass:mypassword keytool -importkeystore -srckeystore domainname.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass mypassword -destkeystore domainname.jks -deststoretype jks -deststorepass mypassword -destalias myalias. This command imports the certificate (domain.crt) into the keystore (keystore.jks), under the specified alias (domain). If you are importing a signed certificate, it must correspond to the private key in the specified alias: keytool -importcert -trustcacerts -file domain.crt -alias domain -keystore keystore.jks.

To Generate a Certificate by Using keytool

By default, the keytool utility creates a keystorefile in the directory where the utility is run.

Before You Begin

Lazors. To run the keytool utility, your shell environmentmust be configured so that the J2SE /bin directory is inthe path, otherwise the full path to the utility must be present on the commandline.

  1. Change to the directory that contains the keystore and truststorefiles.

    Always generate the certificate in the directory containingthe keystore and truststore files. The default is domain-dir/config.

  2. Generate the certificate in the keystore file, keystore.jks,using the following command format:


    Use any unique name as your keyAlias. Ifyou have changed the keystore or private key password from the default (changeit), substitute the new password for changeit.The default key password alias is s1as.

    A prompt appears that asks for your name, organization, and other information.

  3. Export the generated certificate to the server.cer file(or client.cer if you prefer), using the following commandformat:


  4. If a certificate signed by a certificate authority is required,see To Sign a Certificate by Using keytool.

  5. Create the cacerts.jks truststore file andadd the certificate to the truststore, using the following command format:


    If you have changed the keystore or private key password from the default(changeit), substitute the new password.

    Information about the certificate is displayed and a prompt appearsasking if you want to trust the certificate.

  6. Type yes, then press Enter.

    Informationsimilar to the following is displayed:


  7. To apply your changes, restart GlassFish Server. See To Restart a Domain.

Example 11–10 Creating a Self-Signed Certificate in a JKS Keystore by Using an RSAKey Algorithm

Convert

RSA is public-key encryption technology developed by RSA Data Security,Inc.

Key
Generate Jks File From Crt And Key Using Keytool

Example 11–11 Creating a Self-Signed Certificate in a JKS Keystore by Using a DefaultKey Algorithm


Keytool Create Jks Keystore

Example 11–12 Displaying Available Certificates From a JKS Keystore
From


Example 11–13 Displaying Certificate information From a JKS Keystore

Keytool View Jks



Keytool Create Jks

How

RSA is public-key encryption technology developed by RSA Data Security,Inc.


Example 11–11 Creating a Self-Signed Certificate in a JKS Keystore by Using a DefaultKey Algorithm


Keytool Create Jks Keystore

Example 11–12 Displaying Available Certificates From a JKS Keystore


Example 11–13 Displaying Certificate information From a JKS Keystore

Keytool View Jks



Keytool Create Jks

See Also

Convert Pfx To Jks Keytool

For more information about keytool, see the keytool reference page.





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save