Java keytool import FAQ: Can you share some examples of the Java keytool import command and process?
When you're working with Java public and private keys, there may be a time when someone else says, "Here is a certificate. Import it into your public key keystore, and then you can do XYZ", where "XYZ" can be a variety of things, including reading their document, using their Java application, etc. To do this you need to use the Java keytool import command.
In this example I'll assume that you have just received a keytool certificate file from another person, and you want to import the information in that certificate file into your public keystore file.
Java keytool import - Import a certificate into a public keystore
Assuming that you've been given a certificate file named "certfile.cer" which contains an alias named "foo", you can import it into a public keystore named "publicKey.store" with the following keytool import command:
$ keytool -import -alias foo -file certfile.cer -keystore publicKey.store
This import command can be read as:
- Read from the certfile file named certfile.cer.
- Look in that file for an alias named "foo".
- If you find the alias "foo", import the information into the keystore named "publicKey.store".
- Note: The file publicKey.store may already exist, in which case the public key for "foo" will be added to that keystore file; otherwise, publicKey.store will be created.
Java keytool import - a complete example
Here's the actual input and output from a Java keytool import example. Hopefully you can use the description I just provided to understand how this command works:
$ keytool -import -alias publicCertFromAl -file certfile.cer -keystore publicKey.store
Enter keystore password: BARBAZ
Owner: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Sun Apr 25 17:08:35 AKDT 2010 until: Sat Jul 24 17:08:35 AKDT 2010
Trust this certificate? [no]: yes
Certificate was added to keystore
A few important points here about this output:
- The alias used here (publicCertFromAl) does not have to correspond to the alias used when the private key keystore and certificate file were created.
- The password shown above is the password for the keystore named publicKey.store.