"keytool -export/import" - Exporting and Importing Certificates

This section provides a tutorial example on how to use the 'keytool -export' command to export certificates out of a 'keystore' file. The 'keytool -import' command can be used to import certificates into a 'keystore' file.

In the second example, I want to export the certificate stored in the key entry to a certificate file, then import it back into the keystore as certificate entry:

>keytool -exportcert -alias my_home -file my_home.crt 
   -keystore herong.jks -storepass HerongJKS

Certificate stored in file <my_home.crt>

>keytool -printcert -file my_home.crt

Owner: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My Sta...
Issuer: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My St...
Serial number: 407928a4
Valid from: Sat Jun 1 07:14:44 EDT 2002 until: Sat Aug 31 07:14:44...
Certificate fingerprints:
   MD5:  BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B:D1:99:79:55
   SHA1: AE:67:0C:C5:21:5C:F6:6F:45:33:9E:FB:8E:50:EA:32:32:D1:92:BB

>keytool -importcert -alias my_home_crt -file my_home.crt
   -keystore herong.jks -storepass HerongJKS

Certificate already exists in keystore under alias <my_home>
Do you still want to add it? [no]:  yes
Certificate was added to keystore

>keytool -list -keystore herong.jks -storepass HerongJKS

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

my_home_crt, Sat Jun 1 12:25:46 EDT 2004, trustedCertEntry,
Certificate fingerprint (MD5): BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B...
my_home, Sat Jun 1 07:15:16 EDT 2002, keyEntry,
Certificate fingerprint (MD5): BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B...

Looking good so far:

Certificates can also be exported in a printable format: based on RFC 1421 specification, using the BASE64 encoding algorithm.

>keytool -exportcert -alias my_home -file my_home.rfc -rfc 
   -keystore herong.jks -storepass HerongJKS

Certificate stored in file <my_home.rfc>

>type my_home.rfc

Last update: 2014.

Table of Contents

 About This JDK Tutorial Book

 Downloading and Installing JDK 1.8.0 on Windows

 Downloading and Installing JDK 1.7.0 on Windows

 Downloading and Installing JDK 1.6.2 on Windows

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

"keytool" Commands and "keystore" Files

 Certificates and Certificate Chains

 What Is "keystore"?

 "keytool" - Key and Certificate Management Tool

 "keytool -genkey" - Generating Keys and Self-Signed Certificates

"keytool -export/import" - Exporting and Importing Certificates

 "keytool -keyclone" - Cloning Certificates with New Identities

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials


 PDF Printing Version