Java Keytool

As someone who frequently works with digital IDs and signatures, keytool is a must-have. Here are a few common commands I use when working with keytool. You can also find the complete documentation here.

Generate a new digital ID (a key pair plus a self-signed certificate) in a PKCS12 keystore. `-genkey` is the old name for `-genkeypair` and still works; keytool prompts for the subject name unless you pass `-dname`. The default RSA key size depends on the JDK version, so set `-keysize` explicitly. Note that `-storepass password` on the command line ends up in shell history and process listings; keytool also accepts `-storepass:file <file>` and `-storepass:env <VAR>` if you want to keep it out of the command line.

keytool -genkeypair -keystore c:\test\keystore.p12 -storetype pkcs12 -storepass password -keypass password -alias myAlias -keyalg RSA -keysize 3072 -validity 3650

To create a chained certificate, generate both the parent and the child using the command above, each in its own keystore. Then use the command below to have the parent sign the child's certificate request and write the signed child certificate to a file. `-gencert` writes binary DER unless you add `-rfc`, and its default validity is only 90 days, so pass `-validity` if you want longer:

keytool -alias child -keystore c:\test\child.p12 -storepass password -certreq |keytool -alias parent -keystore c:\test\parent.p12 -storepass password -gencert > child.cert

To install child.cert back into child.p12 with `-importcert -alias child -file child.cert`, keytool must be able to build a chain from the reply to a certificate it already trusts, so first export the parent certificate (`keytool -exportcert -alias parent -keystore c:\test\parent.p12 -storepass password -file parent.cert`) and import it into child.p12 under another alias; otherwise the import fails with "Failed to establish chain from reply".

Or, to install the signed certificate chain directly into the child's digital ID, create both key pairs in a single keystore, chain.p12, as in the first example. Then chain the two together in one pipeline: the child's request is signed by the parent and the reply is imported into the child entry. Because the parent's certificate is already in chain.p12, `-importcert` can build the chain without any extra export/import step:

keytool -alias child -certreq -keystore chain.p12 -storepass password | keytool -alias parent -gencert -ext san=dns:child -keystore chain.p12 -storepass password | keytool -alias child -importcert -keystore chain.p12 -storepass password
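The same single-keystore procedure as a complete, non-interactive script, added here as an example (not code from the original post). It keeps the password out of the command line with `-storepass:file`, marks the parent as a CA with a BasicConstraints extension so validators accept it as an issuer, gives the child a SAN and end-entity key usage, and finally checks that the child entry holds a two-certificate chain. The keystore name, password file, subject names, key sizes and validity periods are illustrative assumptions.

```shell
#!/bin/sh
# Added example: build a parent -> child certificate chain in one PKCS12
# keystore with keytool, non-interactively, then verify the chain length.
# KS, PASS_FILE, the password and the DNs below are assumed values.
set -eu

KS="${KS:-chain.p12}"
PASS_FILE="${PASS_FILE:-ks.pass}"

# Write the keystore password to a mode-600 file so it never appears in
# shell history or in `ps` output (keytool reads it via -storepass:file).
write_password_file() {
  umask 077
  printf '%s' 'changeit' > "$PASS_FILE"
}

# Create both key pairs. -dname avoids the interactive subject prompt.
# The parent gets CA basic constraints and cert-signing key usage; the
# child is a plain end-entity key that will be re-certified by the parent.
create_keys() {
  rm -f "$KS"
  keytool -genkeypair -keystore "$KS" -storetype pkcs12 \
    -storepass:file "$PASS_FILE" \
    -alias parent -keyalg RSA -keysize 3072 -validity 3650 \
    -dname "CN=Example Parent CA" \
    -ext bc=ca:true -ext ku=keyCertSign,cRLSign
  keytool -genkeypair -keystore "$KS" -storetype pkcs12 \
    -storepass:file "$PASS_FILE" \
    -alias child -keyalg RSA -keysize 3072 -validity 825 \
    -dname "CN=child"
}

# certreq -> gencert -> importcert, all against the same keystore.
# -gencert defaults to 90 days, so -validity is set explicitly; -rfc makes
# the reply PEM. importcert finds the parent in $KS and builds the chain.
chain_keys() {
  keytool -certreq -keystore "$KS" -storepass:file "$PASS_FILE" -alias child |
  keytool -gencert -keystore "$KS" -storepass:file "$PASS_FILE" -alias parent \
    -validity 825 -rfc \
    -ext san=dns:child \
    -ext ku=digitalSignature,keyEncipherment \
    -ext eku=serverAuth |
  keytool -importcert -keystore "$KS" -storepass:file "$PASS_FILE" \
    -alias child -noprompt
}

# Print the chain length keytool reports for the child entry
# (2 once the parent-signed certificate has been installed).
chain_length() {
  keytool -list -v -keystore "$KS" -storepass:file "$PASS_FILE" -alias child |
    sed -n 's/^Certificate chain length: //p'
}

main() {
  write_password_file
  create_keys
  chain_keys
  echo "child chain length: $(chain_length)"
}

# Only run end-to-end when invoked as: sh chain.sh run
if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it with `sh chain.sh run`; the final line should report a chain length of 2. If the import ever fails with "Failed to establish chain from reply", the parent certificate is not in the keystore (or in cacerts) that `-importcert` is looking at.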