Java keytool Step by Step Tutorial: Generate JKS KeyStore Using keytool and Export Certificate from KeyStore

By | February 9, 2020

Java keytool is a command-line utility for generating keystores and then exporting keys and self-signed public certificates from them, using the different command options it provides. In this step-by-step Java keytool tutorial, I will explain how to create a keystore using Java keytool and then how to export the public certificate from the JKS file.

What is Java keytool Utility?

Java keytool is a command-line utility that ships with the JDK and is found in the bin folder of your JDK installation. It is used to create self-signed certificates, and it provides options for generating keystores, exporting private keys and public certificates from keystores, and importing certificates into a keystore.


Java KeyTool Step By Step Tutorial for Generating JKS Keystore and Exporting Public certificate from JKS File

Now we will proceed with the step-by-step tutorial for creating a keystore and exporting the public certificate from it using Java keytool.

Java Keytool Tutorial Step 1: Create JKS File using Java KeyTool

To create a keystore in JKS format, we use keytool with the -genkey option as shown below, specifying the alias, the algorithm to be used, and the name of the keystore file along with the location where it should be saved.

keytool -genkey -alias tutorialspedia -keyalg RSA -keystore "C:\test\tutorialspedia.jks"

You will be prompted for the keystore password. You can provide any password with a minimum length of 6 characters. You will be asked to enter the password twice, and then you will be prompted for various details, including first and last name, organizational unit, organization name, city, state and country. You will then be asked to confirm that all the details you provided are correct. If you want the key to have a different password from the keystore, you can provide one; otherwise press Enter and the same password will be used for both the keystore and the key.

We have now successfully created a keystore file in JKS format in the location we provided.

Java keytool Tutorial Step 2: Export Public Certificate from JKS Keystore File

From our generated keystore, we can export the public certificate in .cer format using the command below:

keytool -export -alias tutorialspedia -file "C:\test\tutorialspedia_public_cert.cer" -keystore "C:\test\tutorialspedia.jks"

The above command exports the public certificate to a file with the name specified in the -file option. When you run it, you will be prompted for the keystore password, and then the file containing your public certificate will be created.
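The two steps above as a non-interactive POSIX shell script, followed by a check that the exported file matches the keystore entry and contains no private key. This is an added example, not part of the original tutorial; the DN values, key size, validity and the KS_PASS environment variable are assumptions, and paths are passed in rather than using C:\test.

```shell
#!/bin/sh
# Added example. Constructed values: DN fields, key size, validity period.
# The password is read from the KS_PASS environment variable (an assumption
# of this example) so it never shows up in the process list.

# make_keystore DIR: step 1 (create the JKS) and step 2 (export the cert).
make_keystore() {
    dir=$1
    keytool -genkeypair -alias tutorialspedia -keyalg RSA -keysize 2048 \
        -validity 365 -storetype JKS \
        -dname "CN=Example User, OU=IT, O=Example Org, L=City, ST=State, C=US" \
        -keystore "$dir/tutorialspedia.jks" \
        -storepass:env KS_PASS -keypass:env KS_PASS &&
    keytool -exportcert -rfc -alias tutorialspedia \
        -file "$dir/tutorialspedia_public_cert.cer" \
        -keystore "$dir/tutorialspedia.jks" -storepass:env KS_PASS
}

# SHA-256 fingerprint of the certificate stored under the alias.
keystore_fp() {
    keytool -list -v -alias tutorialspedia -keystore "$1" \
        -storepass:env KS_PASS | awk '/SHA256:/ {print $2; exit}'
}

# SHA-256 fingerprint of an exported certificate file.
cert_fp() {
    keytool -printcert -file "$1" | awk '/SHA256:/ {print $2; exit}'
}

# verify_export DIR: succeeds only if the exported certificate is the one in
# the keystore and the .cer file carries no private key material.
verify_export() {
    ks="$1/tutorialspedia.jks"
    cer="$1/tutorialspedia_public_cert.cer"
    [ -n "$(keystore_fp "$ks")" ] || return 1
    [ "$(keystore_fp "$ks")" = "$(cert_fp "$cer")" ] || return 1
    ! grep -q "PRIVATE KEY" "$cer"
}
```

The .cer file is the part that can be handed to other parties; the .jks file holds the private key and should stay protected by its password and file permissions.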

If you want to learn how you can create self signed certificates using Portecle GUI tool, refer to the below Tutorial:

How to Create Self Signed Certificates using Portecle

Alternatively, you can also look into another tutorial I wrote about how to generate self signed certificates, keys and CSR using openSSL.

Ajmal Abbasi

Ajmal Hussain Abbasi is Integration Consultant By Profession with 12+ years experience in Integration domain mainly with TIBCO products. He has extensive practical knowledge of TIBCO Business Works, TIBCO Cloud, TIBCO Flogo, TIBCO Mashery, TIBCO Spotfire, EMS and TIBCO ActiveSpaces. He has worked on a number of highly critical integration projects in various sectors by using his skills in TIBCO Flogo, TIBCO API Management (Mashery), TCI, Tibco Designer, TIBCO Business Studio, Adapters, TIBCO EMS, RV, Administrator, TIBCO BE, TIBCO ActiveSpaces etc. Ajmal Abbasi has experience with MuleSoft ESB as well. Ajmal Abbasi is also experienced in the area of API Management particularly with WSO2 API management platforms. Ajmal Abbasi is also experienced in developing solutions using Core Java and J2EE Technologies. You can contact Ajmal Abbasi for Consultancy, Technical Assistance and Technical Discussions.


7 thoughts on “Java keytool Step by Step Tutorial: Generate JKS KeyStore Using keytool and Export Certificate from KeyStore”

  1. Patrick Fidler

    Dear Ajmal
    Thanks so much for your coherent, logical and well explained article that has helped me greatly. There is lots of information about this topic on the web but most of it is confused, poorly explained and often erroneous. So thanks again for the clarity and the time you obviously spent putting this together. Good luck.

  2. Sudhakar Reddy

    Is there any way to create a jks file without a password?


    Hello sir,
    How can we create a jks file from an existing cer file and key file using the keytool utility?

    1. Ajmal Abbasi Post author

      Dear Akanksha,
      Keystore files contain both public and private key pairs, and if you have an existing .cer file, you can import it into a keystore with the command below:
      keytool -import -v -trustcacerts -alias keyAlias -file server.cer -keystore cacerts.jks -keypass storepass

      1. Anu

        I have a .jks file which I want to use for REST API authentication in Java, but I am getting an authentication issue while trying to add it in a System Property with its password. Can you please help me with how to connect to a REST API (GET) using a .jks certificate and its password? Please! If possible, please share the code.

