KEYTOOL BASICS

I will show you the steps that you need to do if you need to put the certificate in the keystore. It does not matter if the certificate is Verisign or self signed certificate.

- There is a default keystore that you can use (I can see you are novice and I will recommend to use the default keytsotre). The default keystore is at the following location

$JDK_HOME$/jre/lib/security

The default keystore name is cacerts

Using keytool, it is possible to display, import, and export certificates

e.g. To view all the certificates already in the keystore use following command

>keytool -list -keystore cacerts

>Enter keystore password: changeit

Importing Certificates

To import a certificate from a file, use the -import command, as in

>keytool -import -keystore cacerts -alias joe -file jcertfile.cer

This sample command imports the certificate(s) in the file jcertfile.cer and stores it in the keystore entry identified by the alias joe.

You import a certificate for two reasons:

1. to add it to the list of trusted certificates, or

2. to import a certificate reply received from a CA as the result of submitting a Certificate Signing Request (see the -certreq command) to that CA.

lionfooa at 2007-7-15 2:09:57 >