keytool

Generate key pair

$ keytool -genkeypair -alias [mykey] -keystore [keystore.jks]

$ keytool -list -keystore [keystore.jks]

$ keytool -exportcert -alias [mykey] -keystore [keystore.jks] -file [cert.cer]

$ keytool -importcert -alias [trusted] -file [cert.cer] -keystore [keystore.jks]

$ keytool -storepasswd -keystore [keystore.jks]

$ keytool -delete -alias [mykey] -keystore [keystore.jks]

keytool command [options]

keytool is a key and certificate management utility included with the Java Development Kit. It generates cryptographic key pairs, creates certificate signing requests (CSRs), imports and exports X.509 certificates, and manages keystores that store private keys and trusted certificate chains used by Java applications for SSL/TLS, code signing, and authentication.
The tool supports multiple keystore formats including the legacy Java KeyStore (JKS) and the industry-standard PKCS#12 format. It is commonly used to configure HTTPS for Java-based web servers, establish trust relationships by importing CA certificates, and inspect the contents of existing keystores. Each entry in a keystore is identified by an alias, and access is protected by a store-level password with optional per-key passwords.

-genkeypair

Generate key pair.

List keystore entries.

Export certificate.

Import certificate.

Entry alias.

Keystore file.

Keystore password.

Display help information.

Part of JDK. Password management important. Multiple keystore formats.

keytool has been part of the JDK since early versions, providing certificate and key management for Java applications.

openssl(1), java(1), jarsigner(1)