Creating Self Signed Certificate using java keytool

In this post we will explore how to create self signed certificate using java keytool. For using this command we should have java installed in our system.

Command to generate certificate

keytool -genkeypair -alias tech_with_aman -keyalg RSA -keysize 2048 -storetype PKCS12 -validity 3650 -storepass welcome@123 -keystore myKey.p12

After running this command you will be asked following inputs. You can leave these blank or enter some value.

What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Following command will generate keystore name myKey.p12

  • -genkeypair : This argument commands keytool to create keypair
  • -alias : As p12 keystore can contain multiple private keys. This argument provide alias to the key which will be used to reference this private key. Here we are using alias as tech_with_aman
  • -keyalg : This provide algorithm to generate these keys. Here we are using RSA to generate these keys.
  • -keysize : This provide size of key which is 2048.
  • -storetype : There are various key store available. We are using PKCS12 here.
  • -validity : Validity of this key. This is in days.
  • -storepass : Password of this keystore.
  • -keystore : Name of the final key file where this data will be saved.

After using this command we will get myKey.p12 file which will contain a private key with alias tech_with_aman. Password of this keystore is welcome@123 . PKCS12 keystore format do not support separate password for private key.

2 thoughts on “Creating Self Signed Certificate using java keytool”

  1. Pingback: Setting up SSL in Spring Boot using self signed certificate

  2. Pingback: Extract private key and certificate from PKCS12 keystore

Leave a Comment

Your email address will not be published. Required fields are marked *