Last updated on May 5th, 2016 at 01:53 am

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)

Create self signed certificate using keytool. Keytool is a Key and Cerificate tool that Manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates. In this tutorial you will see how to create self signed certificate using keytool?

More information ORACLE REFERENCE

This tutorial will give you step by step information regarding the commands that can be used to create a self signed certificate.

Intially we are going to create keystore with the name server.keystore. Please note that it is recommended to have KEYPASS and KEYSTORE password the same [Here i am using password as changeit and validity for 10 years]

# keytool -genkey -alias TestKey -keypass changeit -keyalg RSA -keystore server.keystore -validity 3650
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Mistonline
What is the name of your organizational unit?
  [Unknown]:  Tutorials
What is the name of your organization?
  [Unknown]:  Team
What is the name of your City or Locality?
  [Unknown]:  New Jersey
What is the name of your State or Province?
  [Unknown]:  New Jersey
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Mistonline, OU=Tutorials, O=Team, L=New Jersey, ST=New Jersey, C=US correct?
  [no]:  yes

Now list the keystore

# keytool -list -keystore server.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

TestKey, Apr 15, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): 1C:11:2F:8G:1C:TT:C1:1C:11:2F:8G:1C:TT:C1:EE:1C

The next step is to export the certificate TestKey to a server.crt file

# keytool -export -alias TestKey -keypass changeit -file server.crt -keystore server.keystore
Enter keystore password:
Certificate stored in file <server.crt>

Once exported, import the certificate again to the keystore with the alias TestCert, It might prompt that the alias TestKey already exist. Ignore that and type ‘yes’

# keytool -import -alias TestCert -keypass changeit -file server.crt -keystore server.keystore
Enter keystore password:
Certificate already exists in keystore under alias <TestKey>
Do you still want to add it? [no]:  yes
Certificate was added to keystore

Now list the keystore again and you should see an entry that says trustedCertEntry with the alias TestCert.

# keytool -list -keystore server.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

TestCert, Apr 15, 2014, trustedCertEntry,
Certificate fingerprint (MD5): 1C:11:2F:8G:1C:TT:C1:1C:11:2F:8G:1C:TT:C1:EE:1C
TestKey, Apr 15, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): 1C:11:2F:8G:1C:TT:C1:1C:11:2F:8G:1C:TT:C1:EE:1C
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)

Leave a Reply

Your email address will not be published. Required fields are marked *