FreeKB - How to create a keystore or truststore using the keytool command in Linux


The keytool command is included with Java, so you will need to install Java (a JDK or JRE that ships keytool) before you can use it.


keystore vs. truststore

First and foremost, it's important to recognize the difference between a keystore and a truststore. Consider a scenario where a Tomcat application server is being used. There will be both inbound and outbound requests. Typically, an inbound request is when a remote system makes a request to an app deployed on Tomcat, and an outbound request is when an app deployed on Tomcat needs to reach out to another system, such as when querying a remote SQL database.


Inbound requests are secured with a keystore, which holds the server's own private key and the certificate it presents to clients. Outbound requests are secured with a truststore, which holds the certificates (usually CA certificates) that the server is willing to trust when it verifies a remote system's certificate. So, when you see keystore, think "inbound", and when you see truststore, think "outbound". Both are the same kind of file (JKS or PKCS12); the difference is what they contain and how they are used, not their format.


Create keystore

A keystore contains one or more key pairs (a private key and its public certificate). The first step is to create the private key. In this example, the private key is placed on the web server so that HTTPS can be used. As the name implies, a private key is private, and should never ever be made public; protect the keystore file and its password accordingly.


In this example, a keystore named DefaultKeystore.jks is created, with a single private key with an alias of

keytool -genkey -alias -keyalg RSA -keystore DefaultKeystore.jks -keysize 2048


In this example, a PKCS12 keystore is created.

keytool -genkey -alias -keyalg RSA -keystore DefaultKeystore.p12 -keysize 2048 -storetype PKCS12
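The following script is an added example and is not part of the FreeKB page; it ties the keystore vs. truststore section to the commands above. It creates a keystore holding a private key plus self-signed certificate (the "inbound" side), exports only the public certificate, and imports that certificate into a separate truststore (the "outbound" side), then uses `keytool -list` to show that the keystore holds a PrivateKeyEntry while the truststore holds only a trustedCertEntry. The alias, distinguished name, file names and the password `changeit` are constructed for the demo; it assumes keytool from a JDK is on PATH. `-genkeypair` is the current name for `-genkey`, and `-dname` makes the command non-interactive.

```shell
#!/bin/sh
# Added example (not from the FreeKB page): keystore for the server's own
# key pair, truststore for certificates the client is willing to trust.
# Assumes keytool is on PATH. All names and passwords below are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
KEYSTORE="$WORK/DefaultKeystore.jks"
TRUSTSTORE="$WORK/DefaultTruststore.jks"
ALIAS="demo-server"            # constructed alias
STOREPASS="changeit"           # demo password only; never reuse in production

# Keystore: one RSA key pair with a self-signed certificate. In a real
# deployment the self-signed cert is replaced by a CA-issued one via
# keytool -certreq / -importcert. Swap -storetype JKS for PKCS12 to get
# the .p12 form shown on the page.
create_keystore() {
    rm -f "$KEYSTORE"
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -validity 365 \
        -dname "CN=demo.example.com, OU=Demo, O=Example, C=US" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS" \
        -storetype JKS >/dev/null 2>&1
}

# Truststore: export ONLY the public certificate from the keystore and
# import it as a trusted entry. The private key never leaves the keystore.
create_truststore() {
    rm -f "$TRUSTSTORE"
    keytool -exportcert -alias "$ALIAS" -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -rfc -file "$WORK/server.crt" >/dev/null 2>&1
    keytool -importcert -alias "$ALIAS" -file "$WORK/server.crt" \
        -keystore "$TRUSTSTORE" -storepass "$STOREPASS" -storetype JKS \
        -noprompt >/dev/null 2>&1
}

# Entry type keytool reports for the alias in the given store:
# "PrivateKeyEntry" (key pair) or "trustedCertEntry" (certificate only).
entry_type() {
    keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null \
        | grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Number of private keys in a store; a truststore should always report 0.
private_key_count() {
    keytool -list -keystore "$1" -storepass "$STOREPASS" 2>/dev/null \
        | grep -c PrivateKeyEntry || true
}

if command -v keytool >/dev/null 2>&1; then
    create_keystore
    create_truststore
    echo "keystore   entry: $(entry_type "$KEYSTORE")   private keys: $(private_key_count "$KEYSTORE")"
    echo "truststore entry: $(entry_type "$TRUSTSTORE") private keys: $(private_key_count "$TRUSTSTORE")"
else
    echo "keytool not found; install a JDK first" >&2
fi
```

Running it prints `PrivateKeyEntry` with one private key for the keystore and `trustedCertEntry` with zero private keys for the truststore, which is exactly the property to check when reviewing a deployed Tomcat configuration: the file referenced as the truststore must never contain a private key.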

