FreeKB - Java Keytool keytool command (Create a keystore or truststore)
keytool command (Create a keystore or truststore)

The keytool command is included with Java, thus you will need to install Java to use the keytool command.


keystore vs. truststore

First and foremost, it's important to recognize the difference between a keystore and a truststore. Let's consider a scenario where a Tomcat application server is being used. There will be both inbound and outbound requests. Typically, an inbound request is when a remote system makes a request for an app deployed to Tomcat. Typically, an outbound request is when an app deployed to Tomcat needs to go out, such as when making a query to a remote SQL database.


Inbound requests use a keystore to secure the requests. Outbound requests use a truststore to secure the request. So, when you see keystore, think "inbound" and when you see truststore think "outbound".


Create keystore

A keystore contains one or more key pairs (private key / public certificate). The first step is to create the private key. In this example, the private key is placed on the web server so that HTTPS can be used. As the name implies, a private key is private, and should never ever be made public.


In this example, a keystore named DefaultKeystore.jks is created, with a single private key with an alias of

keytool -genkey -alias <alias> -keyalg RSA -keystore DefaultKeystore.jks -keysize 2048


In this example, a PKCS12 keystore is created.

keytool -genkey -alias <alias> -keyalg RSA -keystore DefaultKeystore.p12 -keysize 2048 -storetype PKCS12
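
The commands above prompt interactively for the password and certificate subject. The script below is an added example, not part of the original page: it creates the PKCS12 keystore non-interactively, exports only its public certificate into a separate truststore, and reports the entry type of each store. The alias `web`, the file names, the subject and the `KS_PASS` / `TS_PASS` environment variable names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Alias, file names, subject and the KS_PASS / TS_PASS
# variable names are constructed sample values.

# Create a PKCS12 keystore holding one RSA-2048 key pair. The password is read
# from the KS_PASS environment variable (-storepass:env), so it does not
# appear in the process argument list.
make_keystore() {  # usage: make_keystore <file> <alias> <dname>
  ( umask 077    # the file holds a private key: owner-only permissions
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
      -dname "$3" -validity 365 -storetype PKCS12 \
      -keystore "$1" -storepass:env KS_PASS )
}

# Export only the public certificate (PEM); the private key stays in the keystore.
export_cert() {  # usage: export_cert <keystore> <alias> <out.pem>
  keytool -exportcert -rfc -alias "$2" -storetype PKCS12 -keystore "$1" \
    -storepass:env KS_PASS -file "$3"
}

# Create (or extend) a PKCS12 truststore with a certificate to be trusted.
# -noprompt skips the fingerprint confirmation, so verify the certificate first.
make_truststore() {  # usage: make_truststore <file> <alias> <cert.pem>
  keytool -importcert -noprompt -alias "$2" -file "$3" \
    -storetype PKCS12 -keystore "$1" -storepass:env TS_PASS
}

# Print the entry type of an alias: PrivateKeyEntry or trustedCertEntry.
entry_type() {  # usage: entry_type <store> <alias> <password-env-var-name>
  keytool -list -alias "$2" -storetype PKCS12 -keystore "$1" \
    -storepass:env "$3" 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Demo: run as "sh keystore-demo.sh --demo" with KS_PASS and TS_PASS exported.
if [ "${1:-}" = "--demo" ]; then
  set -e
  make_keystore DefaultKeystore.p12 web 'CN=app.example.test'
  export_cert DefaultKeystore.p12 web web.pem
  make_truststore DefaultTruststore.p12 web web.pem
  entry_type DefaultKeystore.p12 web KS_PASS
  entry_type DefaultTruststore.p12 web TS_PASS
fi
```

A keystore entry of type PrivateKeyEntry is what a server presents for inbound HTTPS; a truststore should contain only trustedCertEntry items, so a private key never needs to be copied into it.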

