keytool

How to use the Linux ‘scp’ command without a password to make remote backups

Summary: How to create a public and private key pair to use ssh and scp without using a password, which lets you automate a remote server backup process.

Over the last two years I've ended up creating a large collection of websites and web applications on a variety of Linux servers that are hosted with different companies like GoDaddy and A2 Hosting. I recently embarked on a mission to automate the backup processes for all these sites, and as a result of this effort, I thought I'd share what I've learned here.

The keytool password for the Java security cacerts file is ...

In case you ever need to manually a certificate to your ${JAVA_HOME}/jre/lib/security/cacerts file, it turns out the password for that file when using the Java keytool command is changeit.

To add a certificate to that file, you’ll want to use a command like this:

keytool \
    -import \
    -alias "foobar.com" \
    -keystore ${JAVA_HOME}/jre/lib/security/cacerts \
    -file foobar.com.crt

I had to do this today for a Java/Scala script that accesses an HTTPS URL, and the site I’m accessing uses a “Let’s Encrypt” certificate.

Java keytool and keystore tutorials

I've been working with the Java keytool command a lot lately, as I needed to learn all about it to license my "Hide your desktop icons" app with the TrueLicense software license manager. I think I've learned a lot about the Java keytool command, keystore files, and certificates, and I'm trying to simplify and share that information here.

A Java keytool certificate example: Using ‘keytool’ with certificate files

Java keytool FAQ: Can you share an example of how to use the Java keytool command to create and share a Java/keytool certificate?

Here's a quick look at how two people, John and Paul, might use the Java keytool command to create and share a certificate file. In this example, John will create the certificate with the "keytool genkey" and "keytool export" commands, and Paul will import John's public key from the certificate file with the "keytool import" command.

A Java “keytool export” tutorial

Java keytool export FAQ: Can you share some examples of the Java keytool export command and export process?

Once you've created a private key in a Java keystore file, you can export that private key to a certificate file using the Java "keytool export" command. I'll demonstrate that command in this tutorial.

Java “keytool import”: How to import a certificate into a keystore file

Java “keytool import” FAQ: Can you share some examples of the Java keytool import command and process?

When you're working with Java public and private keys, there may be a time when someone else says, "Here is a certificate. Import it into your public key keystore, and then you can do XYZ", where "XYZ" can be a variety of things, including reading their document, using their Java application, etc. To do this you need to use the Java keytool import command.

The Java keytool “list” command

Java “keytool list” FAQ: Can you share some examples of the Java keytool list command, and Java keytool list process?

In a long, earlier article on Java keytool, keystore, and certificates, I demonstrated how to list the contents of a Java keystore file, but to simplify things a little for this tutorial, I'm just going to show how to query a Java keystore file using the keytool list command.

The Java ‘keytool’ command, keystore files, and certificates

Java keytool/keystore FAQ: Can you share some Java keytool and keystore command examples?

Sure. As a little bit of background, in creating my "Hyde (Hide Your Mac Desktop)" software application, I decided to venture into the world of commercial software, selling my app for a whopping 99 cents. While that price is trivial, creating the "software licensing" code for this application was anything but trivial.