Java "keytool -importcert" Command Options

Q

What options are supported by the "keytool -importcert" command?

✍: FYIcenter.com

A

Java Keytool can save a certificate received from another party into a keystore file with the "keytool -importcert" command, which supports the following options:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -importcert -help

keytool -importcert [OPTION]...

Imports a certificate or a certificate chain

Options:

 -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -protected                      password through protected mechanism
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output

Use "keytool -help" for all available commands

The "keytool -importcert" command reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply or a sequence of X.509 certificates) from the file given with the -file option, and stores it in the keystore entry identified by the -alias option. If no file is given, the certificate or certificate chain is read from stdin.

keytool can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. The data to be imported must be provided either in binary encoding format, or in printable encoding format (also known as Base64 encoding) as defined by the Internet RFC 1421 standard. In the latter case, the encoding must be bounded at the beginning by a string that starts with "-----BEGIN", and bounded at the end by a string that starts with "-----END".

You import a certificate for two reasons:

  • To add it to the list of trusted certificates, or
  • To import a certificate reply received from a CA as the result of submitting a Certificate Signing Request (see the -certreq command) to that CA.
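Before adding a certificate to the list of trusted certificates, it helps to confirm that the file is well formed and to compare its fingerprint with one obtained out of band. The following Python sketch is an added example, not part of the original page or of keytool: it applies the binary / "-----BEGIN" ... "-----END" encoding rule described above and prints a SHA-256 fingerprint for each certificate. The function names and the sample bytes are constructed for illustration, and PKCS#7 chains are not unpacked.

```python
import base64
import hashlib

def check_der_sequence(der: bytes) -> None:
    """Reject input that is not exactly one complete DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated or padded DER data")

def load_der_certs(data: bytes) -> list:
    """Split -importcert style input into DER blobs, one per certificate."""
    if b"-----BEGIN" not in data:
        ders = [data]                       # binary encoding
    else:                                   # printable (Base64) encoding
        ders, body = [], None
        for line in data.decode("ascii").splitlines():
            if line.startswith("-----BEGIN"):
                body = []
            elif line.startswith("-----END"):
                if body is None:
                    raise ValueError("-----END without -----BEGIN")
                ders.append(base64.b64decode("".join(body), validate=True))
                body = None
            elif body is not None:
                body.append(line.strip())
        if body is not None:
            raise ValueError("missing -----END boundary")
    for der in ders:
        check_der_sequence(der)
    return ders

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case hex, the style keytool prints."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

# Constructed stand-in: a tiny valid DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for blob in (SAMPLE_DER, SAMPLE_PEM):
        print([sha256_fingerprint(d) for d in load_der_certs(blob)])
```

Both encodings of the same certificate yield the same fingerprint, so the value can be checked against the one the sender published regardless of which format the file arrived in.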

2012-07-20