Friday, 27 April 2012

JAVA Certificate Knowledge

General Knowledge

 Keystore
  • File used to store a collection of keys and certificates
  • Extension: .jks (JAVA Key Store)

 Truststore
  • File used to store a collection of keys and certificates that are trusted by JAVA
  • Extension: .jks (JAVA Key Store) / without extension



Thursday, 26 April 2012

JAVA Keytool


It is useful to know how to use the JAVA keytool to verify a certificate and to import a certificate into a truststore/keystore.

1) Import certificate to keystore/truststore
  keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

  • Explanation
    • -import: means that you want to import the certificate
    • -trustcacerts: means you will trust this certificate's CA (Certificate Authority)
    • -alias: name you use to refer to this certificate in the keystore
    • -file: certificate that you want to import
    • -keystore: keystore/truststore to store the certificate
You must trust the server certificate to make an HTTPS connection to a particular URL. With this command, you can add the server certificate to the JAVA truststore.

The JAVA default truststore location:
  • path: \jdk1.6.0_30\jre\lib\security\cacerts
  • password: changeit

2) View keystore
  keytool -list -v -keystore keystore.jks -storepass changeit

  • Explanation
    • -list: means list all certificates in the keystore
    • -v: verbose
    • -keystore: keystore/truststore to view
    • -storepass: keystore/truststore password
You can view all the keys and certificates in your keystore by typing this command.


3) View certificate
  keytool -printcert -file client.cer

  • Explanation
    • -printcert: means view certificate details
    • -file: certificate name
You can view your certificate by typing this command.
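
The three commands above combined into one check, as an added example that is not part of the original post: the SHA-256 fingerprint reported by -printcert is compared with a value obtained out of band before -import runs, and -list then confirms the stored entry. The function names and the use of -noprompt are additions here; the script assumes a JDK 7 or later whose keytool prints a "SHA256:" line in English output.

```shell
#!/bin/sh
# Added example. Function names are illustrative, not from the original post.
# Assumes JDK 7+ keytool with English output (it prints a "SHA256:" line).

# Read keytool output on stdin and print the first SHA-256 fingerprint.
sha256_line() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Fingerprint of a certificate file, as shown by "keytool -printcert".
cert_sha256() {
    keytool -printcert -file "$1" 2>/dev/null | sha256_line
}

# import_pinned ALIAS CERT_FILE KEYSTORE STOREPASS EXPECTED_SHA256
# Returns 0 on verified import, 1 on fingerprint mismatch,
# 2 if the file cannot be read as a certificate, 3 if the import fails.
import_pinned() {
    ip_alias=$1; ip_cert=$2; ip_store=$3; ip_pass=$4
    # keytool prints upper-case hex pairs separated by colons.
    ip_expected=$(printf '%s' "$5" | tr 'a-f' 'A-F')
    ip_actual=$(cert_sha256 "$ip_cert")
    [ -n "$ip_actual" ] || return 2
    if [ "$ip_actual" != "$ip_expected" ]; then
        echo "refusing import: $ip_cert has fingerprint $ip_actual" >&2
        return 1
    fi
    # -noprompt skips the interactive "Trust this certificate?" question,
    # which is safe here only because the fingerprint was just checked.
    keytool -import -noprompt -trustcacerts -alias "$ip_alias" \
        -file "$ip_cert" -keystore "$ip_store" -storepass "$ip_pass" \
        >/dev/null 2>&1 || return 3
    # Read the entry back and confirm the stored certificate is the same one.
    ip_stored=$(keytool -list -v -alias "$ip_alias" -keystore "$ip_store" \
        -storepass "$ip_pass" 2>/dev/null | sha256_line)
    [ "$ip_stored" = "$ip_actual" ]
}

# Usage (fingerprint obtained from the server owner over a separate channel):
#   import_pinned mydomain mydomain.crt keystore.jks changeit "<expected SHA-256>"
```

A mismatch leaves the keystore untouched, so the function can be used in provisioning scripts where nobody is present to answer keytool's trust prompt.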