Step by step tutorial to create Keystore and Truststore

file
POSTED BY GIFTSAMPOSTED ON DEC - 11 - 2010
Introduction
Truststore and Keystore file will be used in the JSSE to provide secured transaction between the client
and server. The keytool command is used to create the key store file which contains the public/private
keys and then using keystore, Create a truststore file which contains only public keys. In this article,
Let us learn how to create Truststore and Keystore file using 5 easy steps given below,
1. Generate a private key in keystore file
2. Verifiy the newly created keystore file
3. Export the certificate
4. Import the certificate in to the truststore file
5. Verifiy the newly created trust store file
Step 1 - Generate a private key in keystore file
Java Keytool stores the keys and certificates in the keystore file. If you are a Windows user, the
Keytool command should be executed in the Java bin directory. In my case the directory is
C:\Program Files\Java\jdk1.6.0_12 and the following command should be executed,
1
keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore
keystore.jks
Once the preceding command is executed, you will be asked for the password, For this article, Let us
give the password as techbrainwave. Once you give the password, you will be asking for the details
as specified in the image below

Next we should verify the newly created key store file.
Step 2 Verifiy the newly created keystore file
In Step2, Let us verify the newly created keystore.jks file using the following command,
1 keytool -list -v -keystore keystore.jks
After excuting the above command, you will get the details as specified in the image below,

Next we should export the certificate.
Step 3 Export the certificate
In step3, Either a self signed certificate or a commercial certificate from Verisign or other certificate
authority should be exported. For exporting verisign certificates, the article Steps to configure
Verisign certificate for Oracle Glassfish Server would be helpful. In this article, Let us see how to
export a self signed certificate.
BEGIN CERTIFICATE
MIICXjCCAccCBDwircEwDQYJKoZIhvcNAQEEBQAwdjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
MRIwEAYDVQQHEwlQYWxvIEFsdG8xHzAdBgNVBAoTFlN1biBNaWNyb3N5c3RlbXMsIEluYy4xFjAU
BgNVBAsTDUphdmEgU29mdHdhcmUxDTALBgNVBAMTBER1a2UwHhcNMDExMjIxMDMzNDI1WhcNMDEx
MjI4MDMzNDI1WjB2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0
bzEfMB0GA1UEChMWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEWMBQGA1UECxMNSmF2YSBTb2Z0d2Fy
ZTENMAsGA1UEAxMERHVrZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1loObJzNXsi5aSr8
N4XzDksD6GjTHFeqG9DUFXKEOQetfYXvA8F9uWtz8WInrqskLTNzwXgmNeWkoM7mrPpK6Rf5M3G1
NXtYzvxyi473Gh1h9k7tjJvqSVKO7E1oFkQYeUPYifxmjbSMVirWZgvo2UmA1c76oNK+NhoHJ4qj
eCUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCRPoQYw9rWWvfLPQuPXowvFmuebsTc28qI7iFWm6BJ
TT/qdmzti7B5MHOt9BeVEft3mMeBU0CS2guaBjDpGlf+zsK/UUi1w9C4mnwGDZzqY/NKKWtLxabZ
5M+4MAKLZ92ePPKGpobM2CPLfM8ap4IgAzCbBKd8+CMp8yFmifze9Q==
END CERTIFICATE
The preceding self signed certificate should be stored in a file named selfsignedcert.cer and then
execute the following command,
1
keytool -export -alias certificatekey -keystore keystore.jks -rfc -file
selfsignedcert.cer
After executing the above command, you will be asked for the password, Give the same password
techbrainwave and you will get the details as specified in the image below,

Next we should import the certificate in to the truststore file.
Step 4 Import the certificate in to the truststore file
In step4, Let us import the certificate by executing the below command,
1 keytool -import -alias certificatekey -file selfsignedcert.cer \
2 -keystore truststore.jks
After executing the preceding command, Give the same password techbrainwave and you will get
the details as specified in the image below,

Next let us verify the newly created trust store file.
Step 5 Verify the newly created trust store file
In step5, verify the newly created trust store file by executing the following command,
1 keytool -list -v -keystore truststore.jks
After executing the preceding command, you will get the details as specified in the image below,

Thats all folks. I hope this article clearly gives the Step by step tutorial to create simple Keystore and
Truststore file. If you find this article is useful for you, dont forget to leave your valuable
comments. Have a joyous code day.