


You will need to provide the keystore password ( protected). The command below export the private key to the file serverkey.pem: openssl pkcs12 -in server.jks -nodes -nocerts -out serverkey.pem The Java keytool does not support export of a private key therefore we will need to use OpenSSL. #1: ObjectId: 2.5.29.17 Criticality=falseĬonfigure your webserver to use the certificate and you will be able to check the certificate in a browser.Įxport the certificate private and public keys The snippet below shows the partial output only with the Subject ( Owner below) and SubjectAltName ( SubjectAlternativeName below) fields. The command below will list certificates in the keystore: keytool -list -v -keystore server.jks -storepass protected keystore server.jks -storepass protected -deststoretype pkcs12 \ The command below will create a pkcs12 Java keystore server.jks with a self-signed SSL certificate: keytool \ Recommended to configure the following values (where applicable): The full list of supported values listed in RFC 5280. RFC 2818 recommends to use the SAN certificate instead of a regular SSL certificate :Īlthough the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead. These values added to a SSL certificate via the subjectAltName field.Ī SSL certificate with SAN values usually called the SAN certificate. The specification allows to specify additional values for a SSL certificate. The Subject Alternative Name (SAN) is an extension the X.509 specification.
Keystore explorer generate jks how to#
Explaining how to create the Certificate Signing Request (CSR) for the SAN certificate using the Java keytool.Explaining how to export the certificate private and public keys using OpenSSL.Explaining how to create the SAN certificate using the Java keytool.We will learn how to generate the Subject Alternate Name (or SAN) certificate in a simple way.
