Generate Private Key From Certificate Keytool
Before you can create your CSR, you need to create your Java keystore. Your Java keystore contains your private key. Run the following command to create your 2048 bit Java keystore: keytool -genkey -alias myalias -keyalg RSA –keysize 2048 -keystore c:yoursite.keystore 2. Note the alias you use here to create the keystore. Simply fill out the form, click Generate, and then paste your customized Java Keytool command into your terminal. The Java keytool utility creates both your private key and your certificate signing request, and saves them to two files: yourcommonname.jks, and yourcommonname.csr. Apr 27, 2016 First you need to combine the certificate and the private key using the command below. # openssl pkcs12 -export -in certificate.crt -inkey private.key -certfile certificate.crt -name 'mytomcatcertificate' -out keystore.p12 Next you will need to use the java keytool command to create the new keystore in JKS format.
To Use keytool to Create a ServerCertificate
Run keytool to generate a new key pair in the defaultdevelopment keystore file, keystore.jks. This exampleuses the alias server-alias to generate a new public/privatekey pair and wrap the public key into a self-signed certificate inside keystore.jks. The key pair is generated by using an algorithm oftype RSA, with a default password of changeit. For moreinformation and other examples of creating and managing keystore files, readthe keytool online help at http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.
Note –RSA is public-key encryption technology developed by RSA DataSecurity, Inc.
Generate Private Key From Certificate Keytool Online
From the directory in which you want to create the key pair, run keytool as shown in the following steps.
Keytool Generate Private Key From Certificate
Generate the server certificate.
Type the keytool command all on one line:
When you press Enter, keytool prompts you to enterthe server name, organizational unit, organization, locality, state, and countrycode.
You must type the server name in response to keytool’sfirst prompt, in which it asks for first and last names. For testing purposes,this can be localhost.
When you run the example applications, the host (server name) specifiedin the keystore must match the host identified in the javaee.server.name property specified in the file tut-install/examples/bp-project/build.properties.
Export the generated server certificate in keystore.jks intothe file server.cer.
Type the keytool commandall on one line:
If you want to have the certificate signed by a CA, read the exampleat http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.
To add the server certificate to the truststore file, cacerts.jks, run keytool from the directory where you createdthe keystore and server certificate.
Use the following parameters:
Information on the certificate, such as that shown next, will appear:
Type yes, then press the Enter or Return key.
The following information appears: