Java "keytool -gencert" Command Options

Q

What options are supported by the "keytool -gencert" command?

✍: FYIcenter.com

A

Java Keytool can be used to sign a CSR (Certificate Signing Request) file using the "keytool -gencert" command, which supports the following options:

C:\Users\fyicenter> keytool -gencert -help

keytool -gencert [OPTION]...

Generates certificate from a certificate request

Options:

 -rfc                            output in RFC style
 -infile <filename>              input file name
 -outfile <filename>             output file name
 -alias <alias>                  alias name of the entry to process
 -sigalg <sigalg>                signature algorithm name
 -dname <dname>                  distinguished name
 -startdate <startdate>          certificate validity start date/time
 -ext <value>                    X.509 extension
 -validity <valDays>             validity number of days
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism

Use "keytool -help" for all available commands

The "keytool -gencert" command generates a certificate in response to a certificate request file (which can be created by the "keytool -certreq" command). The command reads the request from infile (or from standard input if omitted), signs it using the private key of the alias entry, and writes the X.509 certificate to outfile (or to standard output if omitted). If -rfc is specified, the output format is BASE64-encoded PEM; otherwise, binary DER is created.

sigalg specifies the algorithm used to sign the certificate. startdate is the date/time from which the certificate is valid. valDays is the number of days for which the certificate should be considered valid.

If dname is provided, it's used as the subject of the generated certificate. Otherwise, the one from the certificate request is used.

ext specifies which X.509 extensions are embedded in the certificate.
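
An end-to-end run of the signing flow described above, as an added example that is not part of the original page: it creates a throwaway CA key and a CSR, signs the CSR with -gencert, and prints the result so the -dname override and the -ext values can be reviewed. The aliases, file names, DNs and password are constructed for illustration, and the -ext values (bc:c, SAN, KU, EKU) follow the keytool documentation rather than this page.

```shell
#!/bin/sh
# Constructed demo values: aliases, DNs, file names and password are illustrative.
PASS=changeit   # throwaway; on a real CA omit -storepass/-keypass and let keytool prompt

sign_csr_demo() {
  d=$1
  # 1. Signing entry: self-signed CA key (bc:c = critical BasicConstraints).
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -dname "CN=Demo CA" \
    -ext bc:c -validity 365 -keystore "$d/ca.p12" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1

  # 2. Requester side: key pair plus CSR carrying the subject the requester asked for.
  keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
    -dname "CN=requested.example" -keystore "$d/server.p12" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1
  keytool -certreq -alias server -keystore "$d/server.p12" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS" -file "$d/server.csr" \
    >/dev/null 2>&1 || return 1

  # 3. Signer side: -dname replaces the subject from the CSR, -validity bounds the
  #    lifetime, -ext pins what the certificate may be used for, -rfc emits PEM.
  keytool -gencert -alias ca -keystore "$d/ca.p12" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS" \
    -infile "$d/server.csr" -outfile "$d/server.pem" -rfc \
    -sigalg SHA256withRSA -validity 90 -dname "CN=issued.example" \
    -ext "SAN=dns:issued.example" -ext "KU=digitalSignature,keyEncipherment" \
    -ext "EKU=serverAuth" >/dev/null 2>&1 || return 1

  # 4. Review what was actually signed before handing it back to the requester.
  keytool -printcert -file "$d/server.pem"
}

# Run the demo in a scratch directory when keytool is on PATH.
if command -v keytool >/dev/null 2>&1; then
  work=$(mktemp -d) && sign_csr_demo "$work"
  rm -rf "$work"
fi
```

The printed subject is CN=issued.example, not the CN=requested.example from the CSR, which shows that the signer, not the requester, decides the final subject when -dname is given.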


2012-07-21