Name

keytool

Synopsis

    keytool [subcommands]

Key and certificate management utility. Together with jarsigner, replaces the JDK 1.1 javakey utility. Keys and certificates are maintained in a keystore. keytool manages the keystore, and jarsigner uses the information in it for signing .jar files. If you need to work with keys and keystores, read the keytool(1) manpage carefully first!

The command-line arguments to keytool are subcommands, each of which begins with a hyphen. Each subcommand, in turn, accepts suboptions.

Whenever keytool accepts a password for an option, if a password is not provided on the command line, the program prompts for one. Such options should not be used in scripts or on the command line, since they allow passwords to be seen. Similarly, keytool does not turn off echoing when prompting for a password, so make sure no one else can see your screen when using such options! See also jarsigner.

Subcommands

-certreq suboptions

Generate a Certificate Signing Request.

-delete suboptions

Delete the entry for the alias given with -alias from the keystore. With no -alias option, prompt for the alias name.

-export suboptions

From the keystore, export the certificate belonging to the user specified with -alias, storing it in the file specified with -file.

-genkey suboptions

Add a new public/private key pair to the keystore.

-help

Print a command usage summary.

-identitydb suboptions

Import information from the JDK 1.1 style identity database specified with -file. If no such option ...

Get Unix in a Nutshell, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial