A Java “keytool export” tutorial

Java keytool export FAQ: Can you share some examples of the Java keytool export command and export process?

Once you've created a private key in a Java keystore file, you can export that private key to a certificate file using the Java "keytool export" command. I'll demonstrate that command in this tutorial.

Using "keytool export" to create a certificate file

Assuming we have a Java keystore file that contains a private key (as demonstrated in this "keytool genkey private key example") that we want to export to a certificate file, and we know the password for the private key keystore, this process is simple.

To create a Java certificate file, we use this keytool export command:

$ keytool -export -alias foo -file certfile.cer -keystore privateKey.store

This keytool command can be read like this:

  • Read from the keystore file named privateKey.store.
  • Look in that file for the alias named "foo".
  • Export the public key to the new file named certfile.cer.

Using keytool export

Here's how this keytool export command works when I run it from my the command line:

$ keytool -export -alias foo -file certfile.cer -keystore privateKey.store

Enter keystore password:  ABC123
Certificate stored in file <certfile.cer>

In this example, the password for my private key keystore file (privateKey.store) is "ABC123".

At this point your certfile file should have been created, and you can now share that with other people, who will presumably want to import it into their public keystore. I demonstrate that process in my Java keytool import tutorial.

A related Java keytool example

If you'd like to see the entire process of creating a private key, exporting it in a certificate file, importing it into a public keystore, and listing the keystore contents, I have all of that in one place in a long (but complete) Java keytool, keystore, genkey, export, import, certificate, and list tutorial as well. (Be warned, it is lengthy, but complete.)