KeyTool Import PrivateKey, Certificate

Files

file list

% ls
certificate.crt         privateKey_private.pem  publicKey_public.pem

show files

% file certificate.crt 
certificate.crt: PEM certificate

% cat certificate.crt 
-----BEGIN CERTIFICATE-----
MIIBqDCCAU6gAwIBAgIULvhjkKt1BonKn6rsqwt7cV0yUtAwCgYIKoZIzj0EAwIw
FjEUMBIGA1UEAwwLVEFZTy1ST09ULUUwIBcNMjAwMTAxMDAwMDAwWhgPOTk5OTEy
MzEyMzU5NTlaMBYxFDASBgNVBAMMC1RBWU8tUk9PVC1FMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEqZO7U8FhZ89jPVlKlsDyRedUwtYs8NH+mQBuC7jlOdxbKRoN
jVaLt8WWyDPTXE374OGZGdgt9roHyQ3MOJeGzqN4MHYwFgYKKwYBBAGCxGkFCQEB
/wQFMAMCAQEwDgYDVR0PAQH/BAQDAgEGMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw
FoAU69xUcCMuwHNGGnTt1AYw5m/cTOYwHQYDVR0OBBYEFOvcVHAjLsBzRhp07dQG
MOZv3EzmMAoGCCqGSM49BAMCA0gAMEUCIELm69mYqefjQRI1b9L7DcCxo7U1yunP
Bisb7wGRb/qKAiEA6rk88xnoEh1o6q3sXO/mNmPWLqMLQQJ/02vAZ5JbAu0=
-----END CERTIFICATE-----                                                                                         

% file privateKey_private.pem 
privateKey_private.pem: PEM EC private key

% cat privateKey_private.pem 
-----BEGIN EC PRIVATE KEY-----
ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDjsACC7YNrNgk5VRAz
n6OpmqsIljfiePTAAsXcpvKd96AKBggqhkjOPQMBBw==
-----END EC PRIVATE KEY-----

Import Certificate

import cert

% keytool -importcert -keystore mykeystore.jks -storepass password -alias certificateAlias -file certificate.crt 
Owner: CN=TAYO-ROOT-E
Issuer: CN=TAYO-ROOT-E
Serial number: 2ef86390ab750689ca9faaecab0b7b715d3252d0
Valid from: Wed Jan 01 09:00:00 KST 2020 until: Sat Jan 01 08:59:59 KST 10000
Certificate fingerprints:
         SHA1: AA:41:D3:3D:C3:BC:17:DC:B2:A0:7A:C8:1B:6B:9C:35:43:A4:8F:00
         SHA256: 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC (secp256r1) key
Version: 3

Extensions: 

#1: ObjectId: 1.3.6.1.4.1.41577.5.9 Criticality=true
0000: 30 03 02 01 01                                     0....


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EB DC 54 70 23 2E C0 73   46 1A 74 ED D4 06 30 E6  ..Tp#..sF.t...0.
0010: 6F DC 4C E6                                        o.L.
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EB DC 54 70 23 2E C0 73   46 1A 74 ED D4 06 30 E6  ..Tp#..sF.t...0.
0010: 6F DC 4C E6                                        o.L.
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
jihoon_yang@MacBook-Pro certificates % keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

show import result

% ls             
certificate.crt         mykeystore.jks          privateKey_private.pem  publicKey_public.pem

% keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

Import Private Key

convert private key

% openssl pkcs12 -export -in certificate.crt -inkey privateKey_private.pem -out mykeystore.p12 -name "privatekeyAlias"
Enter Export Password:
Verifying - Enter Export Password:


% ls
certificate.crt         mykeystore.jks          mykeystore.p12          privateKey_private.pem  publicKey_public.pem

import private key

% keytool -importkeystore -deststorepass password -destkeypass password -destkeystore mykeystore.jks -srckeystore mykeystore.p12 -srcstoretype PKCS12 -srcstorepass password -alias "privatekeyAlias"
Importing keystore mykeystore.p12 to mykeystore.jks...

show import result

% keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E
privatekeyalias, 2021. 8. 6., PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

Previous인증 기관(CA;Certificate Authority) 구성하고 인증서 발급하기 NextJava Keytool 사용법

Last updated 2 years ago

KeyTool Import PrivateKey, Certificate

Files

file list

% ls
certificate.crt         privateKey_private.pem  publicKey_public.pem

show files

% file certificate.crt 
certificate.crt: PEM certificate

% cat certificate.crt 
-----BEGIN CERTIFICATE-----
MIIBqDCCAU6gAwIBAgIULvhjkKt1BonKn6rsqwt7cV0yUtAwCgYIKoZIzj0EAwIw
FjEUMBIGA1UEAwwLVEFZTy1ST09ULUUwIBcNMjAwMTAxMDAwMDAwWhgPOTk5OTEy
MzEyMzU5NTlaMBYxFDASBgNVBAMMC1RBWU8tUk9PVC1FMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEqZO7U8FhZ89jPVlKlsDyRedUwtYs8NH+mQBuC7jlOdxbKRoN
jVaLt8WWyDPTXE374OGZGdgt9roHyQ3MOJeGzqN4MHYwFgYKKwYBBAGCxGkFCQEB
/wQFMAMCAQEwDgYDVR0PAQH/BAQDAgEGMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw
FoAU69xUcCMuwHNGGnTt1AYw5m/cTOYwHQYDVR0OBBYEFOvcVHAjLsBzRhp07dQG
MOZv3EzmMAoGCCqGSM49BAMCA0gAMEUCIELm69mYqefjQRI1b9L7DcCxo7U1yunP
Bisb7wGRb/qKAiEA6rk88xnoEh1o6q3sXO/mNmPWLqMLQQJ/02vAZ5JbAu0=
-----END CERTIFICATE-----                                                                                         

% file privateKey_private.pem 
privateKey_private.pem: PEM EC private key

% cat privateKey_private.pem 
-----BEGIN EC PRIVATE KEY-----
ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDjsACC7YNrNgk5VRAz
n6OpmqsIljfiePTAAsXcpvKd96AKBggqhkjOPQMBBw==
-----END EC PRIVATE KEY-----

Import Certificate

import cert

% keytool -importcert -keystore mykeystore.jks -storepass password -alias certificateAlias -file certificate.crt 
Owner: CN=TAYO-ROOT-E
Issuer: CN=TAYO-ROOT-E
Serial number: 2ef86390ab750689ca9faaecab0b7b715d3252d0
Valid from: Wed Jan 01 09:00:00 KST 2020 until: Sat Jan 01 08:59:59 KST 10000
Certificate fingerprints:
         SHA1: AA:41:D3:3D:C3:BC:17:DC:B2:A0:7A:C8:1B:6B:9C:35:43:A4:8F:00
         SHA256: 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC (secp256r1) key
Version: 3

Extensions: 

#1: ObjectId: 1.3.6.1.4.1.41577.5.9 Criticality=true
0000: 30 03 02 01 01                                     0....


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EB DC 54 70 23 2E C0 73   46 1A 74 ED D4 06 30 E6  ..Tp#..sF.t...0.
0010: 6F DC 4C E6                                        o.L.
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EB DC 54 70 23 2E C0 73   46 1A 74 ED D4 06 30 E6  ..Tp#..sF.t...0.
0010: 6F DC 4C E6                                        o.L.
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
jihoon_yang@MacBook-Pro certificates % keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

show import result

% ls             
certificate.crt         mykeystore.jks          privateKey_private.pem  publicKey_public.pem

% keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

Import Private Key

convert private key

% openssl pkcs12 -export -in certificate.crt -inkey privateKey_private.pem -out mykeystore.p12 -name "privatekeyAlias"
Enter Export Password:
Verifying - Enter Export Password:


% ls
certificate.crt         mykeystore.jks          mykeystore.p12          privateKey_private.pem  publicKey_public.pem

import private key

% keytool -importkeystore -deststorepass password -destkeypass password -destkeystore mykeystore.jks -srckeystore mykeystore.p12 -srcstoretype PKCS12 -srcstorepass password -alias "privatekeyAlias"
Importing keystore mykeystore.p12 to mykeystore.jks...

show import result

% keytool -list -keystore mykeystore.jks 
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

certificatealias, 2021. 8. 6., trustedCertEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E
privatekeyalias, 2021. 8. 6., PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 39:4D:58:BD:FB:8C:DB:4B:4A:C4:05:5D:48:A9:8A:14:2F:A4:F2:E8:1C:8F:F0:74:F1:51:AE:5D:05:5C:D2:3E

Previous인증 기관(CA;Certificate Authority) 구성하고 인증서 발급하기 NextJava Keytool 사용법

Last updated 2 years ago