Truststore and keystore files are used by JSSE to secure communication between a client and a server. The keytool command is used to create the keystore file, which contains the public/private keys; from that keystore we then create a truststore file, which contains only public keys. In this article, let us learn how to create truststore and keystore files using the 5 easy steps given below:
- Generate a private key in keystore file
- Verify the newly created keystore file
- Export the certificate
- Import the certificate into the truststore file
- Verify the newly created truststore file
Step 1 - Generate a private key in keystore file
Java keytool stores the keys and certificates in the keystore file. If you are a “Windows” user, the keytool command should be executed in the Java bin directory. In my case the directory is “C:\Program Files\Java\jdk1.6.0_12” and the following command should be executed:
keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks
Once the preceding command is executed, you will be asked for the password. For this article, let us give the password as “techbrainwave”. Once you give the password, you will be asked for the details as specified in the image below.
Next we should verify the newly created key store file.
Step 2 – Verify the newly created keystore file
In step 2, let us verify the newly created keystore.jks file using the following command:
keytool -list -v -keystore keystore.jks
After executing the above command, you will get the details as specified in the image below.
Next we should export the certificate.
Step 3 – Export the certificate
In step 3, either a self-signed certificate or a commercial certificate from “Verisign” or another certificate authority should be exported. For exporting Verisign certificates, the article “Steps to configure Verisign certificate for Oracle Glassfish Server” would be helpful. In this article, let us see how to export a self-signed certificate.
The self-signed certificate generated above should be stored in a file named “selfsignedcert.cer” by executing the following command:
keytool -export -alias certificatekey -keystore keystore.jks -rfc -file selfsignedcert.cer
After executing the above command, you will be asked for the password. Give the same password “techbrainwave” and you will get the details as specified in the image below.
Next we should import the certificate into the truststore file.
Step 4 – Import the certificate into the truststore file
In step 4, let us import the certificate by executing the command below:
keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore.jks
After executing the preceding command, give the same password “techbrainwave” and you will get the details as specified in the image below.
Next let us verify the newly created trust store file.
Step 5 – Verify the newly created trust store file
In step 5, verify the newly created trust store file by executing the following command:
keytool -list -v -keystore truststore.jks
After executing the preceding command, you will get the details as specified in the image below,
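The five steps above can also be run as one non-interactive script that checks the result: the keystore entry must be a PrivateKeyEntry, the truststore entry a trustedCertEntry (certificate only, no private key), and both must carry the same certificate fingerprint. This is an added example, not part of the original article. The function names, the -dname subject, -keysize 2048 and -noprompt are choices made here, and the script assumes a keytool recent enough to support the :env password modifier.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes keytool is on PATH and
# supports the :env password modifier. The -dname subject is a constructed value.
set -eu
LC_ALL=C; export LC_ALL          # keep keytool's labels in English for parsing
ALIAS=certificatekey             # alias used throughout the article

# Steps 1, 3 and 4. The password comes from $STOREPASS (-storepass:env), so it
# is not typed at a prompt and does not show up in the process list.
build_stores() {
    dir=$1
    : "${STOREPASS:?export STOREPASS before calling build_stores}"
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 7 \
        -dname "CN=localhost, OU=Example, O=Example, C=US" \
        -keystore "$dir/keystore.jks" \
        -storepass:env STOREPASS -keypass:env STOREPASS
    keytool -export -alias "$ALIAS" -keystore "$dir/keystore.jks" \
        -storepass:env STOREPASS -rfc -file "$dir/selfsignedcert.cer"
    keytool -import -noprompt -alias "$ALIAS" -file "$dir/selfsignedcert.cer" \
        -keystore "$dir/truststore.jks" -storepass:env STOREPASS
}

# Steps 2 and 5: the entry type keytool reports for the alias in a store.
entry_type() {
    keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass:env STOREPASS |
        sed -n 's/^Entry type: *//p'
}

# Certificate fingerprint line for the alias in a store.
fingerprint() {
    keytool -list -alias "$ALIAS" -keystore "$1" -storepass:env STOREPASS |
        grep -i 'fingerprint'
}

# Succeeds only if the private key stayed in the keystore, the truststore holds
# a certificate-only entry, and both stores carry the same certificate.
verify_stores() {
    [ "$(entry_type "$1/keystore.jks")" = "PrivateKeyEntry" ] &&
    [ "$(entry_type "$1/truststore.jks")" = "trustedCertEntry" ] &&
    [ "$(fingerprint "$1/keystore.jks")" = "$(fingerprint "$1/truststore.jks")" ]
}

# Usage: STOREPASS=... sh make-stores.sh <empty-output-dir>
if [ "$#" -gt 0 ]; then
    build_stores "$1"
    verify_stores "$1" && echo "keystore and truststore verified in $1"
fi
```

Only truststore.jks and selfsignedcert.cer are meant to be handed to the other side; keystore.jks holds the private key and stays on the host that generated it.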
That's all, folks. I hope this article gives a clear step-by-step tutorial for creating simple keystore and truststore files. If you find this article useful, don't forget to leave your valuable comments. Have a joyous code day.