Playing with keytool

It's been a while since I played with certificates in Java. It's usually the kind of thing you do once in your project and never touch again.

So I played with the Java keystore. I wanted to create a self-signed Sha256RSA certificate. It feels a bit like coding in Perl. You start with something really long like:


# Create the private key (bar.key) and the self-signed certificate (bar.crt) with openssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha256 -keyout bar.key -out bar.crt

# Create a new keystore with a dummy key
keytool -genkey -alias foo -keystore keystore.jks

# Delete the dummy key
keytool -delete -alias foo -keystore keystore.jks

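# Import the real certificate (bar.crt is added as a trusted certificate entry;
# the private key in bar.key is not imported by this command)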
keytool -import -alias bar -file bar.crt -keystore keystore.jks

to a happy one-liner (that also saves you from having to answer a bunch of questions and provide a password all the time):


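# Generate a self-signed certificate and create the keystore
# (-sigalg is given explicitly so the signature is SHA256withRSA whatever the JDK's default;
#  passwords given with -storepass/-keypass end up in the shell history and the process list)
keytool -genkey -keystore keystore.jks -alias bar -dname "CN=octo.com, OU=, O=OCTO, L=Paris, ST=, C=FR" -storepass mypassword -keypass mypassword -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 730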

# Export the certificate (ok, yes, it's a two liner if I want to get back the certificate)
keytool -exportcert -keystore keystore.jks -alias bar -file bar.crt -storepass mypassword -keypass mypassword
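
To check that the keystore really holds what was intended (a private-key entry signed with SHA256withRSA, not just an imported certificate), the output of `keytool -list -v` can be audited. The script below is an added example, not part of the original post; the function names `audit_keystore` and `sample_listing`, the sample listing and the thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits `keytool -list -v` text:
#   keytool -list -v -keystore keystore.jks | audit_keystore
# Thresholds (SHA-2 signature, RSA >= 2048 bits) are assumptions of this example.

audit_keystore() {
  awk '
    function report(   note) {
      if (alias == "") return
      note = ""
      if (type != "PrivateKeyEntry") note = note " cert-only"
      # Only SHA-2 "SHAnnnwithXXX" names pass; anything else needs a manual look.
      if (sig !~ /^SHA(256|384|512)with/) note = note " check-sigalg"
      if (keyalg == "RSA" && bits + 0 < 2048) note = note " short-key"
      if (note == "") note = " ok"
      printf "%s %s %s %s:%s\n", alias, type, sig, bits, note
    }
    /^Alias name: /  { report(); alias = $3; type = sig = keyalg = ""; bits = 0 }
    /^Entry type: /  { type = $3 }
    /^Signature algorithm name: /     { sig = $4 }
    /^Subject Public Key Algorithm: / { bits = $5; sub(/-bit$/, "", bits); keyalg = $6 }
    END { report() }
  '
}

# Constructed sample, modelled on the fields printed by `keytool -list -v`.
sample_listing() {
  cat <<'EOF'
Alias name: bar
Entry type: PrivateKeyEntry
Owner: CN=octo.com, O=OCTO, L=Paris, C=FR
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: legacy
Entry type: trustedCertEntry
Owner: CN=legacy.example
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}

sample_listing | audit_keystore
```

An alias reported as `cert-only` is a `trustedCertEntry`, which is what the `keytool -import` of `bar.crt` in the long recipe produces.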