Java keytool是密钥和证书管理工具。它使用户能够管理自己的公钥/私钥对及相关证书,用于(通过数字签名)自我认证(用户向别的用户/服务认证自己)或数据完整性以及认证服务。它还允许用户储存他们的通信对等者的公钥(以证书形式)。
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
keytool -import -trustcacerts -alias root -file mydomain.crt -keystore keystore.jks
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
keytool -printcert -v -file mydomain.crt
keytool -list -v -keystore keystore.jks
keytool -list -v -keystore keystore.jks -alias mydomain
keytool -delete -alias mydomain -keystore keystore.jks
keytool -storepasswd -new new_storepass -keystore keystore.jks
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
Keytool 是一个Java数据证书的管理工具 ,Keytool将密钥(key)和证书(certificates)存在一个称为keystore的文件中在keystore里,包含两种数据:密钥实体(Key entity)-密钥(secret key)或者是私钥和配对公钥(采用非对称加密)可信任的证书实体(trusted certificate entries)-只包含公钥.
JDK中keytool常用参数说明(不同版本有差异,详细可参见【附录】中的官方文档链接):
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. It also allows users to cache certificates. Java Keytool stores the keys and certificates in what is called a keystore. By default the Java keystore is implemented as a file. It protects private keys with a password. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates. Java Keytool also several other functions that allow you to view the details of a certificate or list the certificates contained in a keystore or export a certificate.