mirror of
https://github.com/denisidoro/navi
synced 2024-11-25 04:50:21 +00:00
Most common java keytool commands
This commit is contained in:
parent
658b7cdcc2
commit
97073cb3b0
1 changed files with 58 additions and 0 deletions
58
cheats/keytool.cheat
Normal file
58
cheats/keytool.cheat
Normal file
|
@ -0,0 +1,58 @@
|
|||
% java keytool, certificate, encryption
|
||||
|
||||
## Creating
|
||||
# Generate a Java keystore and key pair
|
||||
keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <OUTPUT_JKS> -keysize <RSA_LENGTH>
|
||||
|
||||
# Generate a certificate signing request (CSR) for an existing Java keystore
|
||||
keytool -certreq -alias <ALIAS> -keystore <INPUT_JKS> -file <OUTPUT_CSR>
|
||||
|
||||
# Import a root or intermediate CA certificate to an existing Java keystore
|
||||
keytool -import -trustcacerts -alias root -file <INPUT_CRT> -keystore <INPUT_JKS>
|
||||
|
||||
# Import a signed primary certificate to an existing Java keystore
|
||||
keytool -import -trustcacerts -alias <ALIAS> -file <INPUT_CRT> -keystore <INPUT_JKS>
|
||||
|
||||
# Generate a keystore and self-signed certificate
|
||||
keytool -genkey -keyalg RSA -alias <ALIAS> -keystore <OUTPUT_JKS> -storepass <PASSWORD> -validity <VALIDITY> -keysize <RSA_LENGTH>
|
||||
|
||||
|
||||
|
||||
## Verifying
|
||||
# Check a stand-alone certificate
|
||||
keytool -printcert -v -file <INPUT_CRT>
|
||||
|
||||
# Check which certificates are in a Java keystore
|
||||
keytool -list -v -keystore <INPUT_JKS>
|
||||
|
||||
# Check a particular keystore entry using an alias
|
||||
keytool -list -v -keystore <INPUT_JKS> -alias <ALIAS>
|
||||
|
||||
|
||||
|
||||
## Other
|
||||
# Remove a certificate from a keystore
|
||||
keytool -delete -alias <ALIAS> -keystore <INPUT_JKS>
|
||||
|
||||
# Change the password of a keystore
|
||||
keytool -storepasswd -keystore <INPUT_JKS> -new <NEW_PASSWORD>
|
||||
|
||||
# Export a certificate from a keystore
|
||||
keytool -export -alias <ALIAS> -file <OUTPUT_CRT> -keystore <INPUT_JKS>
|
||||
|
||||
# List the trusted CA Certs from the default Java Trusted Certs Keystore
|
||||
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
|
||||
|
||||
# Import New Certificate Authority into the default Java Trusted Certs Keystore
|
||||
keytool -import -trustcacerts -file <INPUT_PEM> -alias <ALIAS> -keystore $JAVA_HOME/jre/lib/security/cacerts
|
||||
|
||||
|
||||
|
||||
# Sensible/common default alternatives
|
||||
$ VALIDITY: printf "DAYS\tCOMMENT\n1\ta day\n30\ta month\n365\ta year\n730\ttwo years" --- --column 1 --headers 1
|
||||
$ RSA_LENGTH: printf "KEY LENGTH\tCOMMENT\n2048\t\tDefault\n4096\t\tBetter\n8192\t\tSlow?" --- --column 1 --headers 1
|
||||
|
||||
# Attempt to find files with the appropriate endings, default to everything.
|
||||
$ INPUT_CRT: ls -a | grep -e "\(.crt\|.cer\|.der\)" || ls -a
|
||||
$ INPUT_PEM: ls -a | grep -e "\(.pem\)" || ls -a
|
||||
$ INPUT_JKS: ls -a | grep -e "\(.jks\)" || ls -a
|
Loading…
Reference in a new issue