KeyStore Aliases
All keystore entries (key and trusted certificate entries) are
accessed via unique aliases. Aliases are case-insensitive;
the aliases Hugo
and hugo
would
refer to the same keystore entry. Certain RACF® and Z/OS keystores, however, support case-sensitivity
An alias is specified when you add an entity to the keystore using the -genseckey command to generate a secret key, -genkeypair command to generate a key pair (public and private key) or the -importcert command to add a certificate or certificate chain to the list of trusted certificates. Subsequent keytool commands must use this same alias to refer to the entity.
duke
to
generate a new public/private key pair and wrap the public key into
a self-signed certificate (see Certificate
Chains) via the following command: keytool -genkeypair -alias duke -keypass dukekeypasswd
This
specifies an inital password of "dukekeypasswd" required by subsequent
commands to access the private key assocated with the alias duke
.
If you later want to change duke's private key password, you use a
command like the following: keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass
This
changes the password from "dukekeypasswd" to "newpass". Please note: A password should not actually be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system. If you don't specify a required password option on a command line, you will be prompted for it.