keytool command
After copying, replace the file names, directories, or parameters as needed.
Common examples
Generate key pair
keytool -genkeypair -alias [mykey] -keystore [keystore.jks]
List keystore contents
keytool -list -keystore [keystore.jks]
Export certificate
keytool -exportcert -alias [mykey] -keystore [keystore.jks] -file [cert.cer]
Import certificate
keytool -importcert -alias [trusted] -file [cert.cer] -keystore [keystore.jks]
Change keystore password
keytool -storepasswd -keystore [keystore.jks]
Delete entry
keytool -delete -alias [mykey] -keystore [keystore.jks]
Generate a certificate signing request (CSR)
keytool -certreq -alias [mykey] -keystore [keystore.jks] -file [request.csr]
Print certificate details from a file
keytool -printcert -file [cert.cer]
Import a PKCS#12 keystore into a JKS keystore
keytool -importkeystore -srckeystore [keystore.p12] -srcstoretype PKCS12 -destkeystore [keystore.jks]
Description
keytool is a key and certificate management utility included with the Java Development Kit. It generates cryptographic key pairs, creates certificate signing requests (CSRs), imports and exports X.509 certificates, and manages keystores that store private keys and trusted certificate chains used by Java applications for SSL/TLS, code signing, and authentication. The tool supports multiple keystore formats including the legacy Java KeyStore (JKS) and the industry-standard PKCS#12 format. It is commonly used to configure HTTPS for Java-based web servers, establish trust relationships by importing CA certificates, and inspect the contents of existing keystores. Each entry in a keystore is identified by an alias, and access is protected by a store-level password with optional per-key passwords.
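A non-interactive workflow built from the commands above, as an added example that is not part of the original page: it creates a PKCS#12 keystore holding a private key, exports only the certificate, imports it into a separate truststore, and compares the SHA-256 fingerprints of the two entries. The aliases, file names, distinguished name and the KS_PASS/TS_PASS variables are assumed sample values; passwords are supplied with -storepass:env so they do not appear on the command line.

```shell
#!/bin/sh
# Added example. Aliases, file names, the dname and the KS_PASS/TS_PASS
# variable names are constructed sample values. Assumes a JDK 9+ keytool.

# make_stores DIR: build DIR/server.p12 (private key) and DIR/trust.p12
# (certificate only). KS_PASS and TS_PASS must be exported, 6+ characters.
make_stores() {
    dir=$1
    # 1. Key pair plus self-signed certificate in a PKCS12 keystore.
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -validity 90 -dname "CN=localhost, O=Example" \
        -storetype PKCS12 -keystore "$dir/server.p12" \
        -storepass:env KS_PASS || return 1
    # 2. Export the public certificate only (-rfc writes PEM).
    keytool -exportcert -rfc -alias server -keystore "$dir/server.p12" \
        -storepass:env KS_PASS -file "$dir/server.pem" || return 1
    # 3. Import it as a trusted entry into a separate truststore.
    keytool -importcert -noprompt -alias server-cert \
        -file "$dir/server.pem" -storetype PKCS12 \
        -keystore "$dir/trust.p12" -storepass:env TS_PASS || return 1
}

# fingerprint KEYSTORE ALIAS PASS_VAR: print the entry's SHA-256 fingerprint.
fingerprint() {
    keytool -J-Duser.language=en -list -v -alias "$2" -keystore "$1" \
        -storepass:env "$3" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# entry_type KEYSTORE ALIAS PASS_VAR: print PrivateKeyEntry or trustedCertEntry.
entry_type() {
    keytool -J-Duser.language=en -list -alias "$2" -keystore "$1" \
        -storepass:env "$3" | grep -oE 'PrivateKeyEntry|trustedCertEntry'
}

# Run as: sh stores.sh demo
if [ "${1:-}" = "demo" ]; then
    export KS_PASS=constructed-ks-pass TS_PASS=constructed-ts-pass
    d=$(mktemp -d) && make_stores "$d" || exit 1
    echo "server: $(entry_type "$d/server.p12" server KS_PASS)"
    echo "trust:  $(entry_type "$d/trust.p12" server-cert TS_PASS)"
    [ "$(fingerprint "$d/server.p12" server KS_PASS)" = \
      "$(fingerprint "$d/trust.p12" server-cert TS_PASS)" ] &&
        echo "fingerprints match"
    rm -rf "$d"
fi
```

The truststore entry is a trustedCertEntry with no private key, so trust.p12 can be distributed to clients while server.p12 stays on the server.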
Parameters
- -genkeypair: Generate key pair.
- -list: List keystore entries.
- -exportcert: Export certificate.
- -importcert: Import certificate or certificate chain.
- -certreq: Generate a certificate signing request (CSR).
- -printcert: Print the content of a certificate file.
- -importkeystore: Import entries from another keystore.
- -delete: Delete a keystore entry.
- -changealias: Change an entry's alias.
- -genseckey: Generate a secret (symmetric) key.
- -alias _NAME_: Entry alias.
- -keystore _FILE_: Keystore file.
- -storetype _TYPE_: Keystore type (JKS, PKCS12).
- -storepass _PASS_: Keystore password.
- -v: Verbose output.
- --help: Display help information.