2

I'd like to create a self-signed certificate by invoking keytool in my Java script. Here is a simplified version of my code which includes the problem I have:

    public class Tester {
        public static void main(String[] args) throws Exception {
            // Command line handed to /bin/sh to generate the key pair
            String[] cmd = { "/bin/sh", "-c", "keytool", "-genkey",
                    "-dname", "\"C=US,CN=CU,L=ABC,O=ABC_Univ,OU=ABC_Pro\"",
                    "-keysize", "1024",
                    "-alias", "testkeypairs",
                    "-keyalg", "RSA",
                    "-sigalg", "SHA1withRSA",
                    "-keystore", "testkeystore",
                    "-storepass", "abcdef",
                    "-keypass", "abcdef" };
            // Start the child process
            Process testProc = Runtime.getRuntime().exec(cmd);
        }
    }

There was no error when I ran it, but it did not give me the keystore. My questions are:

  1. The certificate generated by keytool is not considered the "subprocess's output" which needs to be fed to the parent process using getInputStream(), is it?

  2. If it is, I also tried the getInputStream() thing as discussed in the following post: "Keytool usage with Runtime.getRuntime().exec() under Linux". The program just got stuck and seems to never stop.

  3. Are there any other ways to create a self-signed certificate using a Java program?

I am a newbie in Java and English is not my first language. I hope I have expressed my question clearly.

7
  • I don't know exactly what you're trying, but consider changing your tactic slightly: instead of calling exec to call the keytool binary, try calling the Keystore creation code yourself, programmatically. stackoverflow.com/questions/5312559/… Commented Dec 18, 2013 at 21:58
  • What I want is to create a self-signed certificate programmatically. I thought I could invoke keytool using Runtime.getRuntime.exec(), just like discussed in the following post: stackoverflow.com/questions/8308148/… I tried their method but couldn't get the certificate. @Hariprasad Commented Dec 18, 2013 at 22:12
  • @Gus Certificate signature is not possible with the standard java crypto API. You need to use a 3rd party library (e.g. BouncyCastle) to do that. Commented Dec 18, 2013 at 22:30
  • Is it possible the file is created, but in a different directory than you expected? Try specifying a full path for the -keystore parameter and see what happens. Commented Dec 18, 2013 at 23:07
  • You might need to call testProc.waitFor(); and also consume testProc.getInputStream(); and testProc.getErrorStream(); with something like while(stream.read()!=-1) {}; Commented Dec 19, 2013 at 0:21

1 Answer

2

You could try a different approach again - since keytool is written in Java and it is delivered with the JDK, you can actually instantiate the keytool class directly, like in this answer. This approach will let you generate a self-signed certificate in the JKS file of your choice, but it won't give you programmatic access to the generated certificate.

Just watch out, under Java 7 you will need to do new sun.security.tools.KeyTool(), but under Java 8 the class has been moved and you will need to do new sun.security.tools.keytool.Main. And of course it only works for the Oracle JDK, the APIs are internal and not guaranteed to be present in any future Java version, etc., etc.
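
An added example (not code from the question, the comments or the answer) that runs keytool as an external process the way the comments on the question suggest: absolute keystore path, output drained, then `waitFor()`. It drops `/bin/sh -c`, because with `sh -c` only the string `keytool` is the command and the remaining array elements become unused positional parameters. It assumes `keytool` is on the PATH; the 2048-bit key, SHA256withRSA and the `-validity` value are choices made here, not the question's.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.List;

public class KeytoolRunner {
    public static void main(String[] args) throws IOException, InterruptedException {
        // Absolute path, so the result does not depend on the working directory.
        File keystore = new File(System.getProperty("user.home"), "testkeystore");

        // One argument per element and no shell in between. The -dname value
        // carries no embedded quotes because nothing parses it before keytool.
        List<String> cmd = Arrays.asList(
                "keytool", "-genkeypair",
                "-dname", "CN=CU,OU=ABC_Pro,O=ABC_Univ,L=ABC,C=US",
                "-keyalg", "RSA",
                "-keysize", "2048",            // assumption: replaces the question's 1024
                "-sigalg", "SHA256withRSA",    // assumption: replaces SHA1withRSA
                "-validity", "365",            // assumption: one-year certificate
                "-alias", "testkeypairs",
                "-keystore", keystore.getAbsolutePath(),
                "-storepass", "abcdef",        // placeholder value from the question
                "-keypass", "abcdef");

        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.redirectErrorStream(true);          // merge stderr into stdout: one pipe to drain

        Process proc = pb.start();
        proc.getOutputStream().close();        // no stdin, so keytool cannot wait on a prompt

        // Drain the output before waitFor(); a full pipe buffer would block keytool.
        StringBuilder output = new StringBuilder();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(proc.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) {
                output.append(line).append(System.lineSeparator());
            }
        }

        int exit = proc.waitFor();
        if (exit != 0 || !keystore.isFile()) {
            throw new IOException("keytool failed (exit " + exit + "):\n" + output);
        }
        System.out.println("Created " + keystore.getAbsolutePath());
    }
}
```

Passwords given with `-storepass` and `-keypass` are visible in the process list to other local users; keytool's `:env` and `:file` modifiers (for example `-storepass:env`) keep them off the command line.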
