Java: Create a JKS keystore with a self-signed certificate

Hi,

Short “HowTo” today 🙂 This post contains the keytool command-line parameters for creating a JKS container that holds a key and the self-signed certificate belonging to that key.

This command line creates the key and the certificate and sets some X509v3 key usage (KU) extensions, which define the purposes for which the certificate can be used. You can find the keytool binary in the bin folder of your Java Runtime Environment (JRE).

michael@devdeb ~ $  keytool -genkey -keyalg RSA -alias ServerCertificate -keystore D:\temp\yourKeyStore.jks -dname "cn=hostname.yourdomain.org,ou=Your Department,o=Your Company, c=de,l=Nuremberg,st=Franken" -validity 365 -keysize 2048 -sigalg SHA256withRSA -ext KU:critical=dataEncipherment,keyEncipherment,digitalSignature

Export your certificate

michael@devdeb ~ $ keytool -export -keystore d:\temp\yourKeyStore.jks -alias ServerCertificate -file D:\temp\ServerCertificate.cer

List the content of the container

michael@devdeb ~ $ keytool -list -v -keystore d:\temp\yourKeyStore.jks 

If you want to trust another certificate, import the certificate to your container

michael@devdeb ~ $ keytool -import -alias TrustedCertiticate -file D:\temp\TrustedCertiticate.cer -keystore D:\temp\yourKeyStore.jks

Michael
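
To check the result of the commands above from Java, the following added example (not part of the original post) loads the keystore and confirms that the entry under the alias ServerCertificate is self-signed, currently valid, and carries the critical key usage extension. The class name VerifyKeyStore and the keystore path argument are assumptions; it needs Java 9 or later.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Set;

// Added example: inspects the keystore created with the keytool commands above.
// Build and run (assumed invocation): javac VerifyKeyStore.java && java VerifyKeyStore <keystore>
public class VerifyKeyStore {
    // Bit order returned by X509Certificate.getKeyUsage() (RFC 5280 KeyUsage).
    private static final String[] KU_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    public static void main(String[] args) throws Exception {
        String alias = "ServerCertificate"; // alias used in the commands above
        Console console = System.console();
        if (console == null) throw new IllegalStateException("Run from an interactive terminal");
        // Read the password without echo instead of passing it as a visible argument.
        char[] password = console.readPassword("Keystore password: ");

        // Java 9+: detects the store type (JKS or PKCS12) and verifies its integrity.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private key entry under alias " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // Self-signed: subject equals issuer and the signature verifies with its own key.
        boolean sameName = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        cert.verify(cert.getPublicKey()); // throws if the signature does not match
        cert.checkValidity();             // throws if expired or not yet valid

        System.out.println("Store type:  " + ks.getType());
        System.out.println("Subject:     " + cert.getSubjectX500Principal());
        System.out.println("Self-signed: " + sameName);
        System.out.println("Valid until: " + cert.getNotAfter());
        System.out.println("Signature:   " + cert.getSigAlgName());

        // OID 2.5.29.15 is KeyUsage; "-ext KU:critical=..." should mark it critical.
        Set<String> critical = cert.getCriticalExtensionOIDs();
        System.out.println("KU critical: " + (critical != null && critical.contains("2.5.29.15")));
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        for (int i = 0; ku != null && i < ku.length; i++) {
            if (ku[i]) System.out.println("  " + KU_NAMES[i]);
        }
    }
}
```

The printed store type also shows whether keytool actually wrote a JKS file: since JDK 9 its default keystore type is PKCS12 unless `-storetype JKS` is given.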
