首頁 探索 說明
登入
tianyunperfect
/
cheats
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 0c47d266d1
分支列表 標籤列表
cheats
/
security
/
keytool.cheat

keytool.cheat 2.2 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. % java keytool, certificate, encryption
    2. 

  2. 

  3. ## Creating
    4. 

  4. # Generate a Java keystore and key pair
    5. 

  5. keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <OUTPUT_JKS> -keysize <RSA_LENGTH>
    6. 

  6. 

  7. # Generate a certificate signing request (CSR) for an existing Java keystore
    8. 

  8. keytool -certreq -alias <ALIAS> -keystore <INPUT_JKS> -file <OUTPUT_CSR>
    9. 

  9. 

  10. # Import a root or intermediate CA certificate to an existing Java keystore
    11. 

  11. keytool -import -trustcacerts -alias root -file <INPUT_CRT> -keystore <INPUT_JKS>
    12. 

  12. 

  13. # Import a signed primary certificate to an existing Java keystore
    14. 

  14. keytool -import -trustcacerts -alias <ALIAS> -file <INPUT_CRT> -keystore <INPUT_JKS>
    15. 

  15. 

  16. # Generate a keystore and self-signed certificate
    17. 

  17. keytool -genkey -keyalg RSA -alias <ALIAS> -keystore <OUTPUT_JKS> -storepass <PASSWORD> -validity <VALIDITY> -keysize <RSA_LENGTH>
    18. 

  18. 

  19. 

  20. 

  21. ## Verifying
    22. 

  22. # Check a stand-alone certificate
    23. 

  23. keytool -printcert -v -file <INPUT_CRT>
    24. 

  24. 

  25. # Check which certificates are in a Java keystore
    26. 

  26. keytool -list -v -keystore <INPUT_JKS>
    27. 

  27. 

  28. # Check a particular keystore entry using an alias
    29. 

  29. keytool -list -v -keystore <INPUT_JKS> -alias <ALIAS>
    30. 

  30. 

  31. 

  32. 

  33. ## Other
    34. 

  34. # Remove a certificate from a keystore
    35. 

  35. keytool -delete -alias <ALIAS> -keystore <INPUT_JKS>
    36. 

  36. 

  37. # Change the password of a keystore
    38. 

  38. keytool -storepasswd -keystore <INPUT_JKS> -new <NEW_PASSWORD>
    39. 

  39. 

  40. # Export a certificate from a keystore
    41. 

  41. keytool -export -alias <ALIAS> -file <OUTPUT_CRT> -keystore <INPUT_JKS>
    42. 

  42. 

  43. # List the trusted CA Certs from the default Java Trusted Certs Keystore
    44. 

  44. keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
    45. 

  45. 

  46. # Import New Certificate Authority into the default Java Trusted Certs Keystore
    47. 

  47. keytool -import -trustcacerts -file <INPUT_PEM> -alias <ALIAS> -keystore $JAVA_HOME/jre/lib/security/cacerts
    48. 

  48. 

  49. 

  50. 

  51. # Sensible/common default alternatives
    52. 

  52. $ VALIDITY: printf "DAYS\tCOMMENT\n1\ta day\n30\ta month\n365\ta year\n730\ttwo years" --- --column 1 --headers 1
    53. 

  53. $ RSA_LENGTH: printf "KEY LENGTH\tCOMMENT\n2048\t\tDefault\n4096\t\tBetter\n8192\t\tSlow?" --- --column 1 --headers 1
    54. 

  54. 

  55. # Attempt to find files with the appropriate endings, default to everything.
    56. 

  56. $ INPUT_CRT:    ls -a | grep -e "\(.crt\|.cer\|.der\)" || ls -a
    57. 

  57. $ INPUT_PEM:    ls -a | grep -e "\(.pem\)"             || ls -a
    58. 

  58. $ INPUT_JKS:    ls -a | grep -e "\(.jks\)"             || ls -a
    59.