Menu
I was told to add a certificate (.crt format) to the keystore file using keytool command. What option need to be used here, import or -importcert. When is each one used?
360
The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool to import a certificate into a keystore. In many respects, the java keytool is a competing utility with openssl for keystore, key, and certificate management.
Keystores and truststores are repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS. A keystore contains personal certificates, plus the corresponding private keys that are used to identify the owner of the certificate.
The command "importkeystore" is used to import an entire keystore into another keystore, which means all entries from the source keystore, including keys and certificates, are all imported to the destination keystore within a single command. You can use this command to import entries from a different type of keystore.
From this documentation keytool - Key and Certificate Management Tool, the Changes section at the end of the page says :
Renamed commands:
-import, renamed to -importcert
So they basically are the same, and despite being renamed, -import should still exist later :
All previous commands (both renamed and obsolete) are still supported in this release and will continue to be supported in future releases.
Note that this is from the Java SE 7 documentation, but the one from Java SE 8 (unix/windows) also says :
This command was named -import in earlier releases. This old name is still supported in this release. The new name, -importcert, is preferred going forward.
81
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
