Keytool Generate New Private Key

  1. Keytool Generate New Private Key Code
  2. Keytool Generate New Private Key Certificate
  3. Keytool Import Certificate
  4. Keytool Generate New Private Key Mac
  5. Keytool Generate Private Key
  6. Add Private Key To Keystore

Securing your Java application with an SSL certificate can be extremely important. Fortunately, it is (usually) quite simple to do using Java Keytool. Most situations require that you buy a trusted certificate, but there are many cases when you can generate and use a self signed certificate for free.

Recommended Method: Use the DigiCert Java Keytool CSR Wizard. Save yourself some time: Use the DigiCert Java Keytool CSR Wizard to generate a Keytool command to create your Tomcat keystore and CSR. Simply fill out the form, click Generate, and then paste your customized Java Keytool command into your terminal.

The Java keytool utility creates both your private key and your certificate signing.

Aug 20, 2012  Generating Key Pairs and Importing Public Key Certificates to a Trusted Keystore. Anyway if you are looking to know how to generate a key pair or import a certificate to a Keystore using.

You can use the keytool utility provided with the Sun Microsystems™ Java Development Kit to produce a private key in a keystore. To use keytool to create a private key:

  1. Open your operating system's command prompt.
  2. Change directories to your JDK's bin folder.

Keytool Generate New Private Key Code

When to Use a Keytool Self Signed Certificate

An SSL certificate serves two essential purposes: distributing the public key and verifying the identity of the server so users know they aren't sending their information to the wrong server. It can only properly verify the identity of the server when it is signed by a trusted third party. A self signed certificate is a certificate that is signed by itself rather than a trusted authority. Since any attacker can create a self signed certificate and launch a man-in-the-middle attack, a user can't know whether they are sending their encrypted information to the server or an attacker. Because of this, you will almost never want to use a self signed certificate on a public Java server that requires anonymous visitors to connect to your site. However, self signed certificates have their place:

  • An Intranet. When clients only have to go through a local Intranet to get to the server, there is virtually no chance of a man-in-the-middle attack.
  • A Java development server. There is no need to spend extra cash buying a trusted certificate when you are just developing or testing an application.
  • Personal sites with few visitors. If you have a small personal site that transfers non-critical information, there is very little incentive for someone to attack the connection.

Never use a self signed certificate on an e-commerce site or any site that transfers valuable personal information like credit cards, social security numbers, etc.

Just keep in mind that visitors will see a warning in their browsers when connecting to a server that uses a self signed certificate until it is permanently stored in their certificate store.

Generate a Self Signed Certificate using Java Keytool

Now that you know when to use a Keytool self signed certificate, let's create one using a simple Java Keytool command:

  1. Open the command console on whatever operating system you are using and navigate to the directory where keytool.exe is located (usually where the JRE is located, e.g. c:\Program Files\Java\jre6\bin on Windows machines).
  2. Run the following command (where validity is the number of days before the certificate will expire):
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
  3. Fill in the prompts for your organization information. When it asks for your first and last name, enter the domain name of the server that users will be entering to connect to your application (e.g. www.google.com).

This will create a keystore.jks file containing a private key and your sparklingly fresh self signed certificate. Now you just need to configure your Java application to use the .jks file. If you are using Tomcat, you can follow our Tomcat SSL Installation Instructions.
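A non-interactive variant of the command in step 2, added here as an example (it is not from the original article): it answers the prompts with -dname, adds a subjectAltName entry because current browsers match the host name against that extension rather than the CN, and reads the password from an environment variable instead of the command line. The host www.example.test, the organization values, the KS_PASS variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Host, organization, file names and KS_PASS are assumptions.

# Build the -dname value; a comma inside a field must be escaped with a backslash.
dname() {  # usage: dname <host> <organization> <country>
    org=$(printf '%s' "$2" | sed 's/,/\\,/g')
    printf 'CN=%s, O=%s, C=%s' "$1" "$org" "$3"
}

# Key pair plus self signed certificate, no prompts. The password is taken
# from $KS_PASS so it does not show up in the process list or shell history.
make_selfsigned() {  # usage: make_selfsigned <host> <organization> <keystore>
    keytool -genkeypair -keyalg RSA -keysize 2048 -alias selfsigned \
        -dname "$(dname "$1" "$2" US)" -ext "SAN=dns:$1" -validity 360 \
        -keystore "$3" -storepass:env KS_PASS -keypass:env KS_PASS
}

# True if the stored certificate carries the host as a DNS subjectAltName.
cert_has_san() {  # usage: cert_has_san <host> <keystore>
    keytool -list -v -alias selfsigned -keystore "$2" -storepass:env KS_PASS \
        | grep -q "DNSName: $1"
}

# Export only the certificate (never the private key) in PEM form, so that
# clients can add it to their certificate store.
export_cert() {  # usage: export_cert <keystore> <out.pem>
    keytool -exportcert -rfc -alias selfsigned -keystore "$1" \
        -storepass:env KS_PASS -file "$2"
}

# Usage, with a JDK on PATH:
#   KS_PASS='...'; export KS_PASS
#   make_selfsigned www.example.test 'Example, Inc.' keystore.jks
#   cert_has_san www.example.test keystore.jks && export_cert keystore.jks selfsigned.pem
```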

For more information on creating a Java Keytool Self Signed Certificate, see the following links:

Keytool Generate New Private Key Certificate

Originally posted on Sat Oct 30, 2010

Keytool Import Certificate

In order to generate the CSR code on Tomcat, you can use keytool commands.

First, you need to create a keystore that will contain the private key.

Open up a command line interface and run the following command:

keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks

Keytool Generate New Private Key Mac

You are free to use any custom alias and a keystore name.

Keytool Generate Private Key

You will be asked to enter a password for the keystore. Remember this password for later use. The default value is *changeit*.

After that you will be asked the following questions:

What is your first and last name? – enter the *fully qualified domain name* you want to secure with the SSL certificate (ex.: domain.com or sub.domain.com).
What is the name of your organizational unit? – provide the name of a division or department within the organization. For Domain Validation certificates you can enter ‘NA’.
What is the name of your organization? – provide the officially registered name for your business.
What is the name of your City or Locality? – provide the complete name of your city or locality. Please do not use abbreviations.
What is the name of your State or Province? – provide the complete name of your state or region.
What is the two-letter country code for this unit? – enter two-letter code of your country (uppercase).

Add Private Key To Keystore

Then you will be asked if the information you submitted is correct:
Is CN=example.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

Please type ‘y’ or ‘yes’ to confirm everything is correct.

After the keystore with the private key is generated, you can use the following command to generate the CSR code. The alias and keystore file must be the ones used when the keystore was created:

keytool -certreq -keyalg RSA -alias tomcat -file example.csr -keystore yourkeystore.jks

You will be prompted to enter the keystore password.

Now you have a file called example.csr with the certificate signing request. You can open it with any text editor, copy the content including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- headers and submit it for activation of the certificate purchased with us.
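The CSR steps above as a script without prompts, added here as an example (it is not from the original article): -dname supplies the answers to the questions, the password comes from an environment variable, and csr_is_wellformed checks the file before it is submitted. keytool writes the boundary lines with the word NEW in them, which the check accepts alongside the form quoted above. The domain, the organization values, the KS_PASS variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Domain, organization values, file names and KS_PASS are assumptions.

# Keystore with the private key; -dname replaces the interactive questions.
make_keypair() {  # usage: make_keypair <fqdn> <keystore>
    keytool -genkeypair -keyalg RSA -keysize 2048 -alias tomcat \
        -dname "CN=$1, OU=NA, O=Example Org, L=Example City, ST=Example State, C=US" \
        -keystore "$2" -storepass:env KS_PASS -keypass:env KS_PASS
}

# CSR from the same alias and keystore that hold the private key.
make_csr() {  # usage: make_csr <keystore> <out.csr>
    keytool -certreq -alias tomcat -keystore "$1" -storepass:env KS_PASS -file "$2"
}

# Check a CSR file before pasting it into an order form: exactly one
# BEGIN line, exactly one END line, and no private key material in the file.
csr_is_wellformed() {  # usage: csr_is_wellformed <file>
    [ -f "$1" ] || return 1
    body=$(tr -d '\r' < "$1")   # tolerate CRLF line endings
    b=$(printf '%s\n' "$body" | grep -c -E '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----$' || true)
    e=$(printf '%s\n' "$body" | grep -c -E '^-----END (NEW )?CERTIFICATE REQUEST-----$' || true)
    [ "$b" -eq 1 ] && [ "$e" -eq 1 ] || return 1
    case $body in *'PRIVATE KEY'*) return 1 ;; esac
    return 0
}

# Usage, with a JDK on PATH:
#   KS_PASS='...'; export KS_PASS
#   make_keypair sub.example.test yourkeystore.jks
#   make_csr yourkeystore.jks example.csr && csr_is_wellformed example.csr
#   keytool -printcertreq -file example.csr   # shows the subject that will be submitted
```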

After the certificate is issued, follow the steps from this article to install the SSL certificate on your Tomcat server.