LinuxCommandLibrary

keytool

manages Java keystores and certificates

TLDR

Generate key pair

$ keytool -genkeypair -alias [mykey] -keystore [keystore.jks]
copy
List keystore contents
$ keytool -list -keystore [keystore.jks]
copy
Export certificate
$ keytool -exportcert -alias [mykey] -keystore [keystore.jks] -file [cert.cer]
copy
Import certificate
$ keytool -importcert -alias [trusted] -file [cert.cer] -keystore [keystore.jks]
copy
Change keystore password
$ keytool -storepasswd -keystore [keystore.jks]
copy
Delete entry
$ keytool -delete -alias [mykey] -keystore [keystore.jks]
copy

SYNOPSIS

keytool command [options]

DESCRIPTION

keytool is a key and certificate management utility included with the Java Development Kit. It generates cryptographic key pairs, creates certificate signing requests (CSRs), imports and exports X.509 certificates, and manages keystores that store private keys and trusted certificate chains used by Java applications for SSL/TLS, code signing, and authentication.
The tool supports multiple keystore formats including the legacy Java KeyStore (JKS) and the industry-standard PKCS#12 format. It is commonly used to configure HTTPS for Java-based web servers, establish trust relationships by importing CA certificates, and inspect the contents of existing keystores. Each entry in a keystore is identified by an alias, and access is protected by a store-level password with optional per-key passwords.

PARAMETERS

-genkeypair

Generate key pair.
-list
List keystore entries.
-exportcert
Export certificate.
-importcert
Import certificate.
-alias NAME
Entry alias.
-keystore FILE
Keystore file.
-storepass PASS
Keystore password.
--help
Display help information.

CAVEATS

Part of JDK. Password management important. Multiple keystore formats.

HISTORY

keytool has been part of the JDK since early versions, providing certificate and key management for Java applications.

SEE ALSO

openssl(1), java(1), jarsigner(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community