Use keytool to create a private key

Applies to User Roles:

System Administrator

You can use the keytool utility provided with the Sun Microsystems™ Java Development Kit to produce a private key in a keystore.

To use keytool to create a private key:

  1. Open your operating system's command prompt.
  2. Change directories to your JDK's bin folder.
  3. Type the following command to create a client private key.

    keytool -genkey -keyalg RSA -alias clients -keystore clientcerts

    Note: We recommend that the keyalg parameter use a value of RSA rather than the default of DSA. Doing so allows your TLS communications to use the stronger ECDHE cipher suites, which are not vulnerable to Logjam attacks (CVE-2015-4000).

    You can define your own names for the -alias and -keystore parameters. The names above are examples.

  4. When the keytool utility prompts you, type the following information:

    • Keystore password
    • Fully qualified domain name of host
    • Organizational unit
    • Name of organization
    • City or locality
    • State or province
    • Two-letter country code
  5. Review the contact information and type yes to accept it.
  6. Type in the password you want to use for the client key.

    Tip: You can press ENTER to use the same password for the key as you typed for the keystore.
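
The following script is an added example, not part of the original procedure or the vendor's own code: it runs steps 3 to 6 without prompts and then checks a keystore listing for entries that still use DSA. The host name, organization values, the KS_PASS variable name and the -keysize value are assumptions; the alias and keystore names are the examples from step 3, and the :env password modifier requires a keytool that supports it.

```shell
#!/bin/sh
# Added example. Host/organization values, KS_PASS and -keysize 2048 are
# assumptions; "clients" and "clientcerts" are the example names from step 3.

# Build the -dname value from the fields keytool prompts for in step 4.
# keytool requires a comma inside a value to be escaped as "\,".
esc() { printf '%s' "$1" | sed 's/,/\\,/g'; }
dname() {  # args: fqdn org-unit organization city state country
  printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
    "$(esc "$1")" "$(esc "$2")" "$(esc "$3")" \
    "$(esc "$4")" "$(esc "$5")" "$(esc "$6")"
}

# Steps 3-6 without prompts. Passwords are read from the environment
# variable KS_PASS, so they are not placed on keytool's command line.
# The same value is used for the key and the keystore (as in the Tip).
gen_client_key() {  # args: alias keystore dname
  keytool -genkey -keyalg RSA -keysize 2048 \
    -alias "$1" -keystore "$2" -dname "$3" \
    -storepass:env KS_PASS -keypass:env KS_PASS
}

# Read `keytool -list -v` output on stdin and print each alias whose
# certificate reports DSA, the default the Note recommends against.
dsa_aliases() {
  awk '/^Alias name: / { alias = substr($0, 13) }
       /^Signature algorithm name: .*withDSA/ ||
       /^Subject Public Key Algorithm: .* DSA key/ {
         if (!seen[alias]++) print alias }'
}

# Constructed, trimmed sample of `keytool -list -v` output for offline use.
SAMPLE_LISTING='Alias name: clients
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: legacy
Entry type: PrivateKeyEntry
Signature algorithm name: SHA1withDSA
Subject Public Key Algorithm: 1024-bit DSA key'

if [ "${1:-}" = "run" ]; then   # export KS_PASS, then pass "run"
  : "${KS_PASS:?export KS_PASS before running}"
  gen_client_key clients clientcerts \
    "$(dname client01.example.com IT 'Example, Inc.' Springfield IL US)"
  keytool -list -v -keystore clientcerts -storepass:env KS_PASS | dsa_aliases
fi
```

An empty result from dsa_aliases means no entry in the listing reports DSA. For a CA-signed entry the signature algorithm line describes the issuer's key, so confirm any hit against the full listing.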

Related topics

Example: Enabling required SSL encryption and client authentication
Example: Enabling required SSL encryption and trusted clients
Example: Enabling trusted sign-on
Example: Generating a client certificate with OpenSSL
Secure Sockets Layer (SSL) encryption and server certificates
What are PEM files?

Use keytool to create a certificate request