∟"keytool -genkey" - Generating Keys and Self-Signed Certificates
This section provides a tutorial example on how to use the 'keytool -genkey' command to generate a new pair of keys and self-signed certificate in a new 'keystore' file.
In the first example, I want to try the "-genkeypair" command option:
>keytool -genkeypair -alias my_home -keystore herong.jks
Enter keystore password: HerongJKS
What is your first and last name?
[Unknown]: Herong Yang
What is the name of your organizational unit?
[Unknown]: My Unit
What is the name of your organization?
[Unknown]: My Home
What is the name of your City or Locality?
[Unknown]: My City
What is the name of your State or Province?
[Unknown]: My State
What is the two-letter country code for this unit?
Is <CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My State,
Enter key password for <my_home>
(RETURN if same as keystore password): My1stKey
Based on the documentation, the above example command should do the following for me:
Create a "keystore" file, herong.jks, in JKS format, with password of "HerongJKS".
Generate a pair of private key and public key for me using the default implementation
of the default security package.
Generate a certificate chain with a single self-signed certificate of my public key.
Insert a key entry into the keystore with my private key and the certificate chain.
The following command shows that we do have a key entry in the keystore file:
>keytool -list -keystore herong.jks -storepass HerongJKS
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
my_home, Sat Jun 1 07:15:16 EDT 2002, keyEntry,