Java Keytool

As someone who frequently works with digital ids and signatures, keytool is a must have. Here are a few common commands I use when working with keytool. You can also find the complete documentation here.

Generate a new digital id:

keytool -genkey -keystore c:\test\keystore.p12 -storetype pkcs12 -storepass password -keypass password -alias myAlias -keyalg RSA -validity 3650

To create a chained certificate, generate both the parent and the child using the command above. Then use the command below to chain the two and export the child certificate:

keytool -alias child -keystore c:\test\child.p12 -storepass password -certreq |keytool -alias parent -keystore c:\test\parent.p12 -storepass password -gencert > child.cert

Leave a Reply

Your email address will not be published. Required fields are marked *