Java Tools Tutorials - Herong's Tutorial Notes - Version 5.32, by Dr. Herong Yang
Exporting and Import Certificates
This section provides a tutorial example on how to export certificates from and import certificates into 'keystore' files using 'keytool'.
In the second example, I want to export the certificate stored in the key entry to a certificate file, then import it back into the keystore as certificate entry:
C:\herong>keytool -export -alias my_home -file my_home.crt -keystore herong.jks -storepass HerongJKS Certificate stored in file <my_home.crt> C:\herong>keytool -printcert -file my_home.crt Owner: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My Sta... Issuer: CN=Herong Yang, OU=My Unit, O=My Home, L=My City, ST=My St... Serial number: 407928a4 Valid from: Sat Jun 1 07:14:44 EDT 2012 until: Sat Aug 31 07:14:44... Certificate fingerprints: MD5: BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B:D1:99:79:55 SHA1: AE:67:0C:C5:21:5C:F6:6F:45:33:9E:FB:8E:50:EA:32:32:D1:92:BB C:\herong>keytool -import -alias my_home_crt -file my_home.crt -keystore herong.jks -storepass HerongJKS Certificate already exists in keystore under alias <my_home> Do you still want to add it? [no]: yes Certificate was added to keystore C:\herong>keytool -list -keystore herong.jks -storepass HerongJKS Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries: my_home_crt, Sat Jun 1 12:25:46 EDT 2013, trustedCertEntry, Certificate fingerprint (MD5): BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B... my_home, Sat Jun 1 07:15:16 EDT 2012, keyEntry, Certificate fingerprint (MD5): BE:D2:AF:4E:A7:44:13:08:16:4C:68:3B...
Looking good so far:
Certificates can also be exported in a printable format: based on RFC 1421 specification, using the BASE64 encoding algorithm.
C:\herong>keytool -export -alias my_home_crt -file my_home.rfc -rfc -keystore herong.jks -storepass HerongJKS Certificate stored in file <my_home.rfc> type my_home.rfc -----BEGIN CERTIFICATE----- MIIDDTCCAssCBEB5KKQwCwYHKoZIzjgEAwUAMGwxCzAJBgNVBAYTAlVTMREwDwYDVQ... dGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEQMA4GA1UEChMHTXkgSG9tZTEQMA4GA1UECx... dDEUMBIGA1UEAxMLSGVyb25nIFlhbmcwHhcNMDQwNDExMTExNDQ0WhcNMDQwNzEwMT... MQswCQYDVQQGEwJVUzERMA8GA1UECBMITXkgU3RhdGUxEDAOBgNVBAcTB015IENpdH... BAoTB015IEhvbWUxEDAOBgNVBAsTB015IFVuaXQxFDASBgNVBAMTC0hlcm9uZyBZYW... ASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2US... WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1... +4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCou... gYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgL... FhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkI... BpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAJdQsMlIf1nh4T/HZvVeltsrTGED118CkG... ygy53OLwrSK+6ptJpXP8tPMn9YFVJ3eigJrMTaZvGyd40WRiYM6Woyj3T4H73LEKLD... QeNYOAm8cp3l9ZQkNnmIA1P6CRR43EeAmdTUlK8y6RWTsrOiJMdDMAsGByqGSM44BA... AhQ4zAUOPWe1wdiwye9XDsVPcKS1xwIUWTdok6RIeeCMRIytKwcTOo7/qpM= -----END CERTIFICATE-----
Last update: 2015.
Table of Contents
'javac' - The Java Program Compiler
'java' - The Java Program Launcher
'jconsole' - Java Monitoring and Management Console
'jstat' - JVM Statistics Monitoring Tool
jvisualvm (Java VisualVM) - JVM Visual Tool
'javap' - The Java Class File Disassembler
►'keytool' - Public Key Certificate Tool
Certificates and Certificate Chains
'keystore' - Public Key Certificate Storage File
JDK 1.5 'keytool' - keystore File Management Commands
JDK 1.6 'keytool' - keystore File Management Commands
Generating Key Pairs and Self-Signed Certificates
►Exporting and Import Certificates
Cloning Certificates with New Identities