keytool [subcommands]

Key and certificate management utility. Together with jarsigner, replaces the JDK 1.1 javakey utility. Keys and certificates are maintained in a keystore. keytool manages the keystore, and jarsigner uses the information in it for signing .jar files. If you need to work with keys and keystores, read the keytool(1) manpage carefully first!

The command-line arguments to keytool are subcommands, each of which begins with a hyphen. Each subcommand, in turn, accepts suboptions.

Whenever keytool accepts a password for an option, if a password is not provided on the command line, the program prompts for one. Such options should not be used in scripts or on the command line, since they allow passwords to be seen. Similarly, keytool does not turn off echoing when prompting for a password, so make sure no one else can see your screen when using such options! See also jarsigner.


-certreq suboptions

Generate a Certificate Signing Request.

-delete suboptions

Delete the entry for the alias given with -alias from the keystore. With no -alias option, prompt for the alias name.

-export suboptions

From the keystore, export the certificate belonging to the user specified with -alias, storing it in the file specified with -file.

-genkey suboptions

Add a new public/private key pair to the keystore.


Print a command usage summary.

-identitydb suboptions

Import information from the JDK 1.1 style identity database specified with -file. If no such option ...

Get Unix in a Nutshell, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.