
Commonly used Keytool / Open SSL Commands

Generate Keystore

keytool -genkey -alias alias_name -keyalg RSA -sigalg SHA512withRSA -keysize 2048 -keystore keystore_name.jks


Enter keystore password:

Re-enter new password:

What is your first and last name?

[Unknown]:  First Name

What is the name of your organizational unit?

[Unknown]:  Organisation Name

What is the name of your organization?

[Unknown]:  Company Name

What is the name of your City or Locality?


What is the name of your State or Province?


What is the two-letter country code for this unit?

[Unknown]:  GB

Is above details correct?

[no]:  yes

Generate CSR

keytool -certreq -alias alias_name -file cert_request.csr -keystore keystore_name.jks

Import the Root CA Certificate:

keytool -importcert -keystore keystore_name.jks -alias "CA Root" -file ROOT_CA_Cert.crt

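Import the signed server certificate into the keystore (use the same alias as the key pair, so that the certificate is attached to the existing private key entry)

keytool -importcert -keystore keystore_name.jks -keyalg "RSA" -trustcacerts -file destination_cert.crt -alias alias_name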

Test the keystore to see if the certificates are imported correctly

This should produce 2 lines, one with “keyEntry” for the signed server certificate imported and the second for the CA certificate imported.

keytool -v -list -keystore keystore_name.jks

Enter keystore password:

The certificate listing would follow…

Convert the jks to p12 format

keytool -importkeystore -srckeystore source_keystore.jks -srcstoretype jks -srcstorepass changeme -srcalias changeme -destkeystore destination_cert_type.p12 -deststoretype pkcs12 -deststorepass changeme -destalias alias_name -destkeypass changeme

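Extract the key from the p12 format keystore (-des encrypts the exported key with single DES; openssl pkcs12 also accepts -aes256, which is the stronger choice)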

openssl pkcs12 -in destination_cert_type.p12 -passin pass:changeme -nocerts -out destination_cert_type.pem -des -passout pass:changeme

Remove the need for the password (the output file then holds the unencrypted private key, so keep its file permissions restrictive)

openssl rsa -in destination_cert_type.pem -passin pass:changeme -out no_password_certificate.crt

Export a certificate from a keystore

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

OpenSSL to find out the certificate signature algorithm type

openssl s_client -connect url:port < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep -e "Signature Algorithm" | head -1
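
The same signature algorithm check run offline against certificate files, with MD5 and SHA-1 based signatures flagged as weak. This is an added example, not part of the original post; the function names and the sample certificate's CN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the signature algorithm of PEM certificate files.
# cert_sig_alg, classify_sig_alg, audit_certs and make_sample_cert are
# hypothetical helper names, not openssl or keytool commands.

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
# Prints nothing if the file cannot be parsed as a certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -1
}

# Classify an algorithm name as printed by openssl.
# RSASSA-PSS hash parameters are not inspected here.
classify_sig_alg() {
    case "$1" in
        "") echo "unreadable" ;;
        md2*|md5*|sha1*|*-SHA1|dsaWithSHA1) echo "weak" ;;
        *) echo "ok" ;;
    esac
}

# Report "<file>: <algorithm> (<verdict>)" for each certificate given.
audit_certs() {
    for cert in "$@"; do
        alg=$(cert_sig_alg "$cert")
        echo "$cert: ${alg:-none} ($(classify_sig_alg "$alg"))"
    done
}

# Constructed sample input: a throwaway self-signed certificate signed with
# the given digest (for example sha256), written to the given path.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -"$1" -days 1 \
        -subj "/CN=example.test" -keyout "$2.key" -out "$2" 2>/dev/null &&
        rm -f "$2.key"
}

# Usage: sh audit.sh mydomain.crt ROOT_CA_Cert.crt
if [ "$#" -gt 0 ]; then
    audit_certs "$@"
fi
```

The certificate exported with keytool -export can be passed to audit_certs after converting it to PEM, or exported with the -rfc option so that keytool writes PEM directly.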

AWK / SED / GREP / FIND – some quick oneliners for unix

The command below reads input.txt and prints the first column of that file into output.txt
awk -F $'\t\/' '{print $1}' input.txt > output.txt

The delimiter here is a tab followed by '/'. The '/' needs to be preceded by an escape character, which is what \ does.

The following sed command copies line numbers 795 through to 1159 to an output file.
sed -n '795,1159p' input.log > /tmp/output.log

A really cool sed command below, replaces a regex with another regex using a regex 🙂
I had a case where, inside a config file I had some regex – mainly for apache redirects.
It was a huge file, and I wanted to find and replace a part of it.
Find: a-z0-9A-Z
Replace with: a-z0-9A-Z\'\+

Here is what worked for me:
sed -i "s/a-z0-9A-Z/a-z0-9A-Z\\\'\\\+/g" test_file

The grep command below prints the line number for a specific "search_string"
grep -n "search_string" input.log

The find command below searches all the files within the current directory for a string that matches "PATTERN"
find . -type f -exec grep -l "PATTERN" {} \; | more

The command below finds files modified in the last 2 days
find . -name "*" -mtime -2 -ls | more

Find the largest files on the current filesystem:
find . -xdev -ls | sort -k7 -nr | head -20