"keytool -export/import" - Exporting and Importing Certificates

This section provides a tutorial example on how to use the 'keytool -export' command to export certificates out of a 'keystore' file. The 'keytool -import' command can be used to import certificates into a 'keystore' file.

In the second example, I want to export the certificate stored in the key entry to a certificate file, then import it back into the keystore as certificate entry:

herong> keytool -exportcert -alias my_home -file my_home.crt
   -keystore herong.jks -storepass HerongJKS

Certificate stored in file <my_home.crt>

herong> keytool -printcert -file my_home.crt

Owner: CN=Herong Yang, OU=My Unit, O=My Home, L="My City",
   ST=My State, C=US
Issuer: CN=Herong Yang, OU=My Unit, O=My Home, L="My City",
   ST=My State, C=US
Serial number: 3b4da8e2
Valid from: Sun Jul 1 21:06:31 EDT 2018
   until: Thu Oct 18 21:06:31 EDT 2018
Certificate fingerprints:
         SHA1: 3C:80:96:22:E9:D0:E2:2D:B1:74:D5:3A:66:CB:5B:15:EE:DB:...
         SHA256: 72:23:53:A2:C7:1B:7C:65:DE:0A:C7:3B:0A:1C:3A:B2:05:...
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 54 7E 42 F3 55 E6 86 E4   19 15 30 FD F9 DF E6 FD  ...
0010: AE 17 83 AD                                        ....
]
]

Looking good so far:

Certificates can also be exported in a printable format: based on RFC 1421 specification, using the BASE64 encoding algorithm.

herong> keytool -exportcert -alias my_home -file my_home.rfc -rfc
   -keystore herong.jks -storepass HerongJKS

Certificate stored in file <my_home.rfc>

herong> more my_home.rfc
-----BEGIN CERTIFICATE-----
MIIDDTCCAssCBEB5KKQwCwYHKoZIzjgEAwUAMGwxCzAJBgNVBAYTAlVTMREwDwYDVQ...
dGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEQMA4GA1UEChMHTXkgSG9tZTEQMA4GA1UECx...
dDEUMBIGA1UEAxMLSGVyb25nIFlhbmcwHhcNMDQwNDExMTExNDQ0WhcNMDQwNzEwMT...
MQswCQYDVQQGEwJVUzERMA8GA1UECBMITXkgU3RhdGUxEDAOBgNVBAcTB015IENpdH...
BAoTB015IEhvbWUxEDAOBgNVBAsTB015IFVuaXQxFDASBgNVBAMTC0hlcm9uZyBZYW...
ASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2US...
WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1...
+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCou...
gYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgL...
FhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkI...
BpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAJdQsMlIf1nh4T/HZvVeltsrTGED118CkG...
ygy53OLwrSK+6ptJpXP8tPMn9YFVJ3eigJrMTaZvGyd40WRiYM6Woyj3T4H73LEKLD...
QeNYOAm8cp3l9ZQkNnmIA1P6CRR43EeAmdTUlK8y6RWTsrOiJMdDMAsGByqGSM44BA...
AhQ4zAUOPWe1wdiwye9XDsVPcKS1xwIUWTdok6RIeeCMRIytKwcTOo7/qpM=
-----END CERTIFICATE-----

Table of Contents

 About This JDK Tutorial Book

 JDK (Java Development Kit)

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Java Logging

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

"keytool" Commands and "keystore" Files

 Certificates and Certificate Chains

 What Is "keystore"?

 "keytool" - Key and Certificate Management Tool

 "keytool -genkeypair" - Generating Keys and Self-Signed Certificates

 "keystore" File Type: PKCS12 and JKS

"keytool -export/import" - Exporting and Importing Certificates

 "keytool -keyclone" - Cloning Certificates with New Identities

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 Outdated Tutorials

 References

 Full Version in PDF/EPUB