Certificate Generation with Java Tools


Java has a useful tool for generating private-public key pair, it’s called keytool and is located in your jdk/bin directory. Here’s a command line that I often use to generate keys and self-signed certificates for testing.

$ keytool -genkey -keyalg RSA -validity 365 -alias MyKey -keystore new_keystore.jks -dname "CN=SubjectName, OU=My Department, O=My Company, L=Vilnius, S=Vilnius, C=LT"

Also it is sometimes needed to generate a request to get a signed certificate. Having created a keystore as shown above, it is easily done with the following line.

$ keytool -certreq -alias MyKey -keyalg RSA -keysize 2048 -file myfile.csr -keystore new_keystore.jks

I realize that this is pretty trivial, but it’s nice to have it written down in case I forget something :)