ExcaCambo · June 4, 2023 07:36 · Dec 30, 2022 · Dec 18, 2022 · Dec 17, 2022 · Dec 17, 2022
diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -34,6 +34,11 @@ Import a root or intermediate CA certificate to an existing Java keystore
 keytool -import -trustcacerts -file root-ca.crt -alias my-newly-trusted-ca -keystore keystore.jks
 ```
 
+Import the content of a keystore into another keystore
+```
+keytool -v -importkeystore -srckeystore source.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore target.p12 -deststoretype PKCS12 -deststorepass changeit
+```
+
 ## Checking
 Check a stand-alone certificate
 ```
@@ -71,6 +76,16 @@ Signing a certificate with a certificate signing request (CSR)
 keytool -v -gencert -infile server.csr -outfile server-signed.cer -keystore root-ca.jks -storepass secret -alias root-ca -validity 3650 -ext KeyUsage=digitalSignature,dataEncipherment,keyEncipherment,keyAgreement -ext ExtendedKeyUsage=serverAuth,clientAuth
 ```
 
+Converting JKS to PKCS12
+```
+keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -srcstorepass -destkeystore keystore.p12 -deststoretype PKCS12 password -deststorepass password
+```
+
+Converting PKCS12 to JKS
+```
+keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass -destkeystore keystore.jks -deststoretype JKS password -deststorepass password
+```
+
 ### Exporting
 Export a certificate to a .crt file in a binary format
 ```

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1,7 +1,7 @@
 # Keytool CheatSheet 🔐
 
 ## Some history
-This gist java keytool cheat sheet came into life when I started working on a tutorial of setting up one way tls and two way tls, which can be found here: [GitHub - Mutual TLS SSL](https://github.com/Hakky54/mutual-tls-ssl)
+This cheat sheet came into life when I started working on a tutorial of setting up one way tls and two way tls, which can be found here: [GitHub - Mutual TLS SSL](https://github.com/Hakky54/mutual-tls-ssl)
 
 ## Creation and importing
 Generate a Java keystore and key pair

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1,6 +1,9 @@
 # Keytool CheatSheet 🔐
 
-### Creation and importing
+## Some history
+This gist java keytool cheat sheet came into life when I started working on a tutorial of setting up one way tls and two way tls, which can be found here: [GitHub - Mutual TLS SSL](https://github.com/Hakky54/mutual-tls-ssl)
+
+## Creation and importing
 Generate a Java keystore and key pair
 ```
 keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias server -validity 3650
@@ -31,7 +34,7 @@ Import a root or intermediate CA certificate to an existing Java keystore
 keytool -import -trustcacerts -file root-ca.crt -alias my-newly-trusted-ca -keystore keystore.jks
 ```
 
-### Checking
+## Checking
 Check a stand-alone certificate
 ```
 keytool -v -printcert -file server.crt
@@ -52,7 +55,7 @@ Check a particular keystore entry using an alias
 keytool -v -list -keystore keystore.jks -alias server
 ```
 
-### Other commands
+## Other commands
 Delete a certificate from a Java keystore
 ```
 keytool -delete -alias server -keystore keystore.jks
@@ -82,7 +85,4 @@ keytool -exportcert -keystore keystore.jks -alias server -rfc -file server.crt
 Export Java keystore to a .p12 file
 ```
 keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12
-```
-
-## Some history
-This gist java keytool cheat sheet came into life when I started working on a tutorial of setting up one way tls and two way tls, which can be found here: [GitHub - Mutual TLS SSL](https://github.com/Hakky54/mutual-tls-ssl)
+```
diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -82,4 +82,7 @@ keytool -exportcert -keystore keystore.jks -alias server -rfc -file server.crt
 Export Java keystore to a .p12 file
 ```
 keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12
-```
+```
+
+## Some history
+This gist java keytool cheat sheet came into life when I started working on a tutorial of setting up one way tls and two way tls, which can be found here: [GitHub - Mutual TLS SSL](https://github.com/Hakky54/mutual-tls-ssl)
diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -69,7 +69,12 @@ keytool -v -gencert -infile server.csr -outfile server-signed.cer -keystore root
 ```
 
 ### Exporting
-Export a certificate to a .crt file
+Export a certificate to a .crt file in a binary format
+```
+keytool -exportcert -keystore keystore.jks -alias server -file server.crt
+```
+
+Export a certificate to a .crt file in a pem format
 ```
 keytool -exportcert -keystore keystore.jks -alias server -rfc -file server.crt
 ```

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1,4 +1,4 @@
-# Keytool 🔐
+# Keytool CheatSheet 🔐
 
 ### Creation and importing
 Generate a Java keystore and key pair

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -37,6 +37,11 @@ Check a stand-alone certificate
 keytool -v -printcert -file server.crt
 ```
 
+Check a stand-alone certificate in PEM format
+```
+keytool -v -printcert -file server.crt -rfc
+```
+
 Check which certificates are in a Java keystore
 ```
 keytool -v -list -keystore keystore.jks

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -8,14 +8,19 @@ keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias serv
 
 Generate a Java keystore and key pair and include Distinguished Name as one-liner and the Extensions
 ```
-keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias server -dname "CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650
+keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias server -dname "CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL" -storepass secret -keypass secret -validity 3650 -ext KeyUsage=digitalSignature,dataEncipherment,keyEncipherment,keyAgreement -ext ExtendedKeyUsage=serverAuth,clientAuth -ext SubjectAlternativeName:c=DNS:localhost,DNS:IP:127.0.0.1
 ```
 
 Generate a Java keystore and import a certificate
 ```
 keytool -importcert -file server.crt -keystore truststore.jks -alias server
 ```
 
+Generate a Root CA with signing capability
+```
+keytool -v -genkeypair -dname "CN=Root-CA,OU=Certificate Authority,O=Thunderberry,C=NL" -keystore root-ca.jks -storepass secret -keypass secret -keyalg RSA -keysize 2048 -alias root-ca -validity 3650 -ext KeyUsage=digitalSignature,keyCertSign -ext BasicConstraints=ca:true,PathLen:3
+```
+
 Generate a certificate signing request (CSR) for an existing Java keystore
 ```
 keytool -certreq -keyalg rsa -keystore keystore.jks -alias server -file server.csr
@@ -53,6 +58,11 @@ Change a Java keystore password
 keytool -storepasswd -keystore keystore.jks
 ```
 
+Signing a certificate with a certificate signing request (CSR)
+```
+keytool -v -gencert -infile server.csr -outfile server-signed.cer -keystore root-ca.jks -storepass secret -alias root-ca -validity 3650 -ext KeyUsage=digitalSignature,dataEncipherment,keyEncipherment,keyAgreement -ext ExtendedKeyUsage=serverAuth,clientAuth
+```
+
 ### Exporting
 Export a certificate to a .crt file
 ```

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -3,43 +3,43 @@
 ### Creation and importing
 Generate a Java keystore and key pair
 ```
-keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -validity 3650 -deststoretype pkcs12 
+keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias server -validity 3650
 ```
 
 Generate a Java keystore and key pair and include Distinguished Name as one-liner and the Extensions
 ```
-keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650 -deststoretype pkcs12
+keytool -genkeypair -keyalg RSA -keysize 2048 -keystore keystore.jks -alias server -dname "CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650
 ```
 
 Generate a Java keystore and import a certificate
 ```
-keytool -keystore truststore.jks -importcert -file server.crt -alias server
+keytool -importcert -file server.crt -keystore truststore.jks -alias server
 ```
 
 Generate a certificate signing request (CSR) for an existing Java keystore
 ```
-keytool -certreq -keystore keystore.jks -alias server -keyalg rsa -file server.csr
+keytool -certreq -keyalg rsa -keystore keystore.jks -alias server -file server.csr
 ```
 
 Import a root or intermediate CA certificate to an existing Java keystore
 ```
-keytool -import -trustcacerts -alias my-newly-trusted-ca -file root-ca.crt -keystore keystore.jks
+keytool -import -trustcacerts -file root-ca.crt -alias my-newly-trusted-ca -keystore keystore.jks
 ```
 
 ### Checking
 Check a stand-alone certificate
 ```
-keytool -printcert -v -file server.crt
+keytool -v -printcert -file server.crt
 ```
 
 Check which certificates are in a Java keystore
 ```
-keytool -list -v -keystore keystore.jks
+keytool -v -list -keystore keystore.jks
 ```
 
 Check a particular keystore entry using an alias
 ```
-keytool -list -v -keystore keystore.jks -alias server
+keytool -v -list -keystore keystore.jks -alias server
 ```
 
 ### Other commands

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -8,7 +8,7 @@ keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias serv
 
 Generate a Java keystore and key pair and include Distinguished Name as one-liner and the Extensions
 ```
-keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=Hakan,OU=Amsterdam,O=Luminis,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650 -deststoretype pkcs12
+keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=Hakan,OU=Amsterdam,O=Thunderberry,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650 -deststoretype pkcs12
 ```
 
 Generate a Java keystore and import a certificate

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1,4 +1,4 @@
-# Keytool
+# Keytool 🔐
 
 ### Creation and importing
 Generate a Java keystore and key pair

diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1,2 +1,65 @@
 # Keytool
 
+### Creation and importing
+Generate a Java keystore and key pair
+```
+keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -validity 3650 -deststoretype pkcs12 
+```
+
+Generate a Java keystore and key pair and include Distinguished Name as one-liner and the Extensions
+```
+keytool -keystore keystore.jks -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=Hakan,OU=Amsterdam,O=Luminis,C=NL" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650 -deststoretype pkcs12
+```
+
+Generate a Java keystore and import a certificate
+```
+keytool -keystore truststore.jks -importcert -file server.crt -alias server
+```
+
+Generate a certificate signing request (CSR) for an existing Java keystore
+```
+keytool -certreq -keystore keystore.jks -alias server -keyalg rsa -file server.csr
+```
+
+Import a root or intermediate CA certificate to an existing Java keystore
+```
+keytool -import -trustcacerts -alias my-newly-trusted-ca -file root-ca.crt -keystore keystore.jks
+```
+
+### Checking
+Check a stand-alone certificate
+```
+keytool -printcert -v -file server.crt
+```
+
+Check which certificates are in a Java keystore
+```
+keytool -list -v -keystore keystore.jks
+```
+
+Check a particular keystore entry using an alias
+```
+keytool -list -v -keystore keystore.jks -alias server
+```
+
+### Other commands
+Delete a certificate from a Java keystore
+```
+keytool -delete -alias server -keystore keystore.jks
+```
+
+Change a Java keystore password
+```
+keytool -storepasswd -keystore keystore.jks
+```
+
+### Exporting
+Export a certificate to a .crt file
+```
+keytool -exportcert -keystore keystore.jks -alias server -rfc -file server.crt
+```
+
+Export Java keystore to a .p12 file
+```
+keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12
+```
diff --git a/java_keytool_cheat_sheet.md b/java_keytool_cheat_sheet.md
@@ -1 +1,2 @@
-# Keytool
+# Keytool
+
diff --git a/keytool_cheat_sheet.md → java_keytool_cheat_sheet.md b/keytool_cheat_sheet.md → java_keytool_cheat_sheet.md
diff --git a/keytool_cheat_sheet.md b/keytool_cheat_sheet.md
@@ -0,0 +1 @@
+# Keytool
No results found