What is Keytool?

-

 keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures

Java includes the keytool utility in its releases. We use it to manage keys and certificates and store them in a keystore. The keytool command allows us to create self-signed certificates and show information about the keystore.

In the following sections, we're going to go through different functionalities of this utility.

First of all, let's create a self-signed certificate that could be used to establish secure communication between projects in our development environment, for example.

In order to generate the certificate, we're going to open a command-line prompt and use keytool command with the -genkeypair option

keytool -genkeypair -alias <alias> -keypass <keypass> -validity <validity> -storepass <storepass>

Let's learn more about each of these parameters:

  • alias – the name for our certificate
  • keypass – the password of the certificate. We'll need this password to have access to the private key of our certificate
  • validity – the time (in days) of the validity of our certificate
  • storepass – the password for the keystore. This will be the password of the keystore if the store doesn't exist

For example, let's generate a certificate named “cert1” that has a private key of “pass123” and is valid for one year. We'll also specify “stpass123” as the keystore password:

keytool -genkeypair -alias cert1 -keypass pass123 -validity 365 -storepass stpass123

After executing the command, it'll ask for some information that we'll need to provide:

What is your first and last name?
  [Unknown]:  Name
What is the name of your organizational unit?
  [Unknown]:  Unit
What is the name of your organization?
  [Unknown]:  Company
What is the name of your City or Locality?
  [Unknown]:  City
What is the name of your State or Province?
  [Unknown]:  State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Name, OU=Unit, O=Company, L=City, ST=State, C=US correct?
  [no]:  yes

As mentioned, if we haven't created the keystore before, creating this certificate will create it automatically.

We could also execute the -genkeypair option without parameters. If we don't provide them in the command line and they're mandatory, we'll be prompted for them


Comments

Post a Comment

Popular posts from this blog

Sticky Session- Load Balancing

-
Image
Session stickiness , also known as(aka)., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i.e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage. With sticky sessions, a load balancer assigns an identifying attribute to a user, typically by issuing a cookie or by tracking their IP details. Then, according to the tracking ID, a load balancer can start routing all of the requests of this user to a specific server for the duration of the session This can prove very helpful, as HTTP/S is a stateless protocol that was not devised with session persistence in mind. Nevertheless, many web applications do have the need to serve personalized user data over the course of a session. Without session persistence, the web application would have to maintain this information across multiple servers, which can...
Read more

Email Sending through O365 using OAuth Protocol

-
  Microsoft Office365 EWS servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol. Using OAUTH protocol, user can do authentication by Microsoft Web OAuth instead of inputting user and password directly in application Microsoft / Office 365 OAuth + EWS We can use the OAuth authentication service provided by Azure Active Directory to enable our application to connect with IMAP, POP or SMTP protocols to access Exchange Online in Office 365. To use OAuth with our application we need to register application on Azure Active directory and other steps also we need to do to get the access token back. Below are the steps   To use Microsoft/Office365 OAUTH in your application, you must create an application in  https://portal.azure.com . Sign into the Azure portal using either a work or school account or a personal Microsoft account. If your account gives you access to more than one tenant, select your account in the top ...
Read more

Running Keycloak with docker image

-
docker run --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak: latest start-dev docker stop keycloak docker rm keycloak Again run the above docker run command and see users created already exist or not. so, definitely we will not see as those details are not saving. so, now check how to persist the data with mysql. so, try to configure mysql Step1 create network so that keycloak can talk to Mysql docker network create keycloak-network docker network inspect keycloak-network Step2 start Mysql docker run -p 3306:3306 --name mysql -d --net keycloak-network -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=keycloak mysql Step3 Run keycloak under the same network with addition environment variables docker run -p 8080:8080 --name keycloak -d --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak...
Read more