Filter
Top Products
keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file}
-storepass ${keystore.pass}
Another example of deleting a certicate from a keystore is shown in “Deleting a Certicate
Using the keytool Utility” on page 115
Generating a Certicate Using the keytool Utility
Use keytool to generate, import, and export certicates. By default, keytool creates a keystore
le in the directory where it is run.
1. Change to the directory where the certicate is to be run.
Always generate the certicate in the directory containing the keystore and truststore les,
by default domain-dir/config. For information on changing the location of these les, see
“Changing the Location of Certicate Files” on page 112.
2. Enter the following keytool command to generate the certicate in the keystore le,
keystore.jks:
keytool -genkey -alias keyAlias-keyalg RSA
-keypass changeit
-storepass changeit
-keystore keystore.jks
Use any unique name as your keyAlias. If you have changed the keystore or private key
password from their default, then substitute the new password for changeit in the above
command. The default key password alias is “s1as.”
A prompt appears that asks for your name, organization, and other information that
keytool uses to generate the certicate.
3. Enter the following keytool command to export the generated certicate to the le
server.cer (or client.cer if you prefer):
keytool -export -alias keyAlias-storepass changeit
-file server.cer
-keystore keystore.jks
4. If a certicate signed by a certicate authority is required, see “Signing a Digital Certicate
Using the keytool Utility” on page 115
.
5. To create the truststore le cacerts.jks and add the certicate to the truststore, enter the
following keytool command:
keytool -import -v -trustcacerts
-alias keyAlias
-file server.cer
-keystore cacerts.jks
-keypass changeit
UsingJavaSecure SocketExtension(JSSE)Tools
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008114