
The following is a simple Java keytool command to create a self-signed KeyStore (JKS) file.

>keytool -genkeypair -keyalg RSA -keystore soasecurity.jks -alias soa

This generates a key pair (a public key and its associated private key) and wraps the public key in an X.509 v3 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new KeyStore entry identified by the alias.


You will be prompted for the KeyStore password, the Distinguished Name (DN) and the private key password.





Here, you need to pay attention to the CN (Common Name) value of the DN, because the CN is used in SSL communication to validate the certificate against the hostname of the server. So, if you are generating this self-signed keystore for SSL communication, you need to provide the hostname as the CN value. Say your hostname is https://soasecurity.org. Then the CN must also be soasecurity.org. If the CN does not match, SSL clients may not be able to complete a proper SSL handshake.


The private key password and the keystore password can be two different values. It is always better to provide a separate password for each, but in most cases people just use one value for convenience.

Let's list the KeyStore.

You can use the following keytool command to list the KeyStore.

>keytool -list -v -keystore soasecurity.jks


Output would be.




So this keystore contains one private key entry, identified by the alias name. This private key entry contains a certificate chain which holds only the public certificate, as it is a self-signed one.
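The checks described above (a single private key entry, a one-element self-signed chain, and a CN that matches the server hostname) can be scripted against the verbose listing. This is an added example, not part of the original post: the function names are hypothetical, the sample listing is constructed, and it assumes a keystore with a single entry.

```shell
#!/bin/sh
# Constructed sample of `keytool -list -v` output (illustrative values only).
sample_listing() {
cat <<'EOF'
Alias name: soa
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=soasecurity.org, OU=Dev, O=Example, L=Colombo, ST=Western, C=LK
Issuer: CN=soasecurity.org, OU=Dev, O=Example, L=Colombo, ST=Western, C=LK
Signature algorithm name: SHA512withRSA
EOF
}

# field LABEL: print the text after "LABEL: " from the first matching stdin line.
field() {
    sed -n "s/^$1: *//p" | head -n 1
}

# check_listing HOSTNAME: read a verbose listing on stdin; return 0 only if the
# entry is a private key with a one-element self-signed chain whose CN equals
# HOSTNAME (compared case-insensitively, as hostnames are).
# Real use: keytool -list -v -keystore soasecurity.jks | check_listing soasecurity.org
check_listing() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    listing=$(cat)
    rc=0
    etype=$(printf '%s\n' "$listing" | field 'Entry type')
    len=$(printf '%s\n' "$listing" | field 'Certificate chain length')
    owner=$(printf '%s\n' "$listing" | field 'Owner')
    issuer=$(printf '%s\n' "$listing" | field 'Issuer')
    # Split the DN on commas and take the CN component
    # (does not handle escaped commas inside DN values).
    cn=$(printf '%s\n' "$owner" | tr ',' '\n' | sed -n 's/^ *CN=//p' |
         head -n 1 | tr 'A-Z' 'a-z')

    [ "$etype" = "PrivateKeyEntry" ] || { echo "FAIL: entry type '$etype'"; rc=1; }
    [ "$len" = "1" ] || { echo "FAIL: chain length '$len', expected 1"; rc=1; }
    [ -n "$owner" ] && [ "$owner" = "$issuer" ] ||
        { echo "FAIL: Owner and Issuer differ, not self-signed"; rc=1; }
    [ "$cn" = "$host" ] || { echo "FAIL: CN '$cn' does not match '$host'"; rc=1; }
    return $rc
}
```

Clients that match the hostname against the subjectAltName extension rather than the CN need the hostname there as well; keytool can add it at generation time with `-ext SAN=dns:<hostname>`.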


There are also three useful parameters which you can use with the keytool command when generating a keystore.


-keysize : Size of the key; it is set to 1024 by default.
-sigalg : Algorithm that should be used to sign the self-signed certificate; SHA256withRSA is the default.
-validity : The validity period of the public certificate related to the private key. It is set to 180 days by default.

Let's create a KeyStore with these values changed, using the following command.

>keytool -genkeypair -keyalg RSA -keystore soasecurity.jks -alias soa -keysize 4096 -sigalg SHA512withRSA  -validity 1825

When we list it, the KeyStore looks like this.





Thanks for reading..!!!
