Med Java

User Tools

Site Tools

Trace:
java:keytool:list-certificates-from-jks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
java:keytool:list-certificates-from-jks [2020/08/08 19:53] odeftajava:keytool:list-certificates-from-jks [2020/08/08 20:20] odefta
Line 1: Line 1:
 ====== Create keystore jks file ====== ====== Create keystore jks file ======
  
-In keystore we want to import the certificate chain and the private key.+In keystore we want to import
 +  * **the certificate chain** 
 +  * **the private key**
 We can't do this directly in keytool. \\   We can't do this directly in keytool. \\  
 A PKCS12 file should be created which then will be imported in keystore. A PKCS12 file should be created which then will be imported in keystore.
Line 15: Line 17:
 </code> </code>
  
-Import the p12 file into a jks fileReplace the password123 with the private key password supplied when it was created.+===== Import the p12 file into a jks file =====  
 + 
 +Replace the password123 with the private key password supplied when it was created.
  
 <code> <code>
Line 30: Line 34:
 Warning: Warning:
 The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12". The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12".
 +</code>
 +
 +====== Create truststore jks file ======
 +
 +In truststore file we need to import the CA certificates.
 +
 +<code>
 +keytool -import -alias rootca -file ca.crt -storetype JKS -keystore truststore_custom.jks
 +</code>
 +
 +Output:
 +<code>
 +Enter keystore password:
 +Re-enter new password:
 +Owner: OU=AX Software, O=AX, L=Bucharest, ST=Romania, C=RO
 +Issuer: OU=AX Software, O=AX, L=Bucharest, ST=Romania, C=RO
 +Serial number: 72b1b38c2fc0fc33ff298be6e6a704eb4ebd24c4
 +Valid from: Sat Aug 08 15:56:46 EEST 2020 until: Tue Aug 06 15:56:46 EEST 2030
 +Certificate fingerprints:
 +         MD5:  16:2B:B3:B0:9C:0E:12:37:D8:CA:7E:05:9C:23:76:F0
 +         SHA1: 59:B4:0C:EA:AB:8A:48:7D:14:65:6D:6C:D4:07:A9:81:CB:A6:D2:27
 +         SHA256: 07:50:F3:D5:F2:62:6A:9F:27:3C:56:27:4A:CD:D0:E6:34:98:26:F1:20:04:0C:02:9F:22:B0:35:E1:30:DD:50
 +Signature algorithm name: SHA256withRSA
 +Subject Public Key Algorithm: 2048-bit RSA key
 +Version: 3
 +
 +Extensions:
 +
 +#1: ObjectId: 2.5.29.19 Criticality=true
 +BasicConstraints:[
 +  CA:true
 +  PathLen:2147483647
 +]
 +
 +#2: ObjectId: 2.5.29.14 Criticality=false
 +SubjectKeyIdentifier [
 +KeyIdentifier [
 +0000: 58 1E 75 F6 E9 9B 54 41   6D 0E EF 59 5C A6 60 88  X.u...TAm..Y\.`.
 +0010: 82 74 C4 43                                        .t.C
 +]
 +]
 +
 +Trust this certificate? [no]:  yes
 +Certificate was added to keystore
 </code> </code>
  
java/keytool/list-certificates-from-jks.txt · Last modified: 2023/07/04 19:36 by 127.0.0.1