Java Keytool Introduction

RSA Key with a PKCS12 Keystore

Generate a Java Keystore and Private/Public Key - RSA with PKCS12 Keystore

RSA is used for comparability with legacy systems but it much slower than Elliptical Curves. The following examples show how to create an RSA key with PKCS12 Keystore.

The following breaks down the options we will use, please change them to fit your needs:

Size of keypair 4096 / 2048
Key Algorithm (keyalg) - RSA
Signature Algorithm (sigalg) - SHA256withRSA / SHA384withRSA / SHA512withRSA
How long the Key is Valid - 1085 days (~3 years).

Common Name (CN): The Common Name is usually the “” or Person Name or Department
Organizational Unit (OU): The Organizational Unit (OU) field is the name of the department or organization unit making the request
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation.
Locality or City (L): The Locality field is the city or town name, for example: Planet
State or Province (S): Spell out the state completely: Colorado
Country Name (C): Use the two-letter code without punctuation for country, for example: US

The password of the private key: changeit
The alias name of our key: serverkey
The name of the keystore: that.keystore (if the file does not exist, it will be created)
KeyStore file format: PKCS12
Password of the keystore: changeit

RSA (Public/Private) Key Pair Creation

Creating an RSA keys and PKCS12 Keystore
 Copy keytool -genkeypair -keysize 4096 -sigalg SHA512withRSA -keyalg RSA -validity 1085 -dname "CN=Name,OU=IT,O=Mega,L=Planet,ST=CO,C=US" -alias serverkey -keypass changeit -keystore that.keystore -storetype pkcs12 -storepass changeit 
Check the keys and keystore creation
 Copy keytool -list -v -keystore that.keystore -storetype pkcs12 -storepass changeit 
Should look something like the following: