Keytool in Java
1. What is Keytool?
Keytool is a command-line tool in Java used for generating and storing certificates and private keys. It lets users manage and access their public and private key pairs and certificates that are cached by the server from previous authentications and used for SSL/TLS connections. In order to access the keytool command line, type "Keytool" and press "Enter" in PowerShell, cmd.exe or another command-line tool that can run in administrator mode. It can be illustrated like this:
2. Creating a Self-Signed Certificate
Self-signed certificates are certificates that are used to test the environment and are the best alternative to purchasing and renewing yearly certificates. A self-signed certificate is issued and signed by the company or developer who is responsible for the website or software associated with the certificate. The example below shows you how to create one in your command-line tool.
3. Listing Certificates in the Keystore
In order to list the certificates present in our keystore, we use the "keytool -list" command, as such:
4. CACERTS keystore
"CACERTS" is a truststore. A truststore is a category of keystore. A truststore is used to authenticate peers, while a keystore is used to authenticate yourself. Truststores store certificates from certificate authorities (CAs), which are used to verify certificates presented by the server through SSL connections, while a keystore stores private keys and certificates that are specific to each party, server and client, for verification. This example shows you a CACERTS keystore:
5. Deleting an Alias
We use the “Keytool delete” command to delete any alias in the keystore. In this example we will show you how to delete an alias as shown:
6. Changing Java Keystore Password
In order to change a Java keystore password, we use the "keytool -keypasswd" command. It should be noted here that the default Java keystore password is “change it”. It can be demonstrated like this:
7. Exporting Certificate from a Keystore
To export a certificate from a keystore, we use the "keytool -exportcert" command. An example is illustrated below:
8. Other Features
In case you need to check the content of a certificate you created, you can use the "keytool -printcert" command, and it will show you all the information in your certificate. Thanks for reading!
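
The commands from sections 2, 3, 5, 6, 7 and 8, run end to end against a throwaway PKCS12 keystore. This is an added example, not the original page's own commands; the keystore path, alias, distinguished name and passwords are constructed for the demo, and section 6 is shown with `-storepasswd`, the keytool command that changes a keystore's own password.

```shell
#!/usr/bin/env bash
# Added example: keytool lifecycle on a throwaway keystore.
# The path, alias, DN and passwords below are constructed for the demo.
set -eu

KS="${KS:-./demo-keystore.p12}"
ALIAS="demo"
OLD_PW="OldDemoPass123"
NEW_PW="NewDemoPass456"
# -storepass on the command line is visible in the process list; on shared
# hosts use keytool's -storepass:env or -storepass:file forms instead.

# Run a keystore-scoped keytool command: kt <password> <command> [options...]
kt() {
  pw="$1"; shift
  keytool "$@" -storetype PKCS12 -keystore "$KS" -storepass "$pw"
}

create_selfsigned() {   # section 2: RSA key pair + self-signed certificate
  kt "$OLD_PW" -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
     -validity 90 -dname "CN=localhost, O=Example, C=US"
}
list_entries() { kt "$1" -list; }                                        # section 3
export_cert()  { kt "$1" -exportcert -rfc -alias "$ALIAS" -file "$2"; }  # section 7
print_cert()   { keytool -printcert -file "$1"; }                        # section 8
delete_alias() { kt "$1" -delete -alias "$ALIAS"; }                      # section 5

# Section 6: -storepasswd changes the password of the keystore file itself.
# -keypasswd changes the password of one key entry and is rejected for
# PKCS12 keystores.
change_store_password() { kt "$OLD_PW" -storepasswd -new "$NEW_PW"; }

demo() {
  create_selfsigned
  list_entries "$OLD_PW"
  export_cert "$OLD_PW" ./demo.pem
  print_cert ./demo.pem
  change_store_password
  list_entries "$NEW_PW"
  delete_alias "$NEW_PW"
}

if [ "${1:-}" = "run" ]; then demo; fi
```

Run the script with the argument `run` in an empty directory; it leaves `demo-keystore.p12` (with no entries) and `demo.pem` behind for inspection.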