112

I am trying to automate keystore generation using the Java keystore tool. The command I am using is:

keytool -keystore keystore -alias jetty -genkey -keyalg RSA

But after this command, the user is required to enter certain inputs as follows:

Enter keystore password:  password
What is your first and last name?  
[Unknown]:  jetty.mortbay.org  
What is the name of your organizational unit?  
[Unknown]:  Jetty  
What is the name of your organization?  
[Unknown]:  Mort Bay Consulting Pty. Ltd.  
What is the name of your City or Locality?  
[Unknown]:  
What is the name of your State or Province?  
[Unknown]:  
What is the two-letter country code for this unit?  
[Unknown]:  
Is CN=jetty.mortbay.org, OU=Jetty, O=Mort Bay Consulting Pty. Ltd.,  
L=Unknown, ST=Unknown, C=Unknown correct?  
[no]:  yes  

Enter key password for <jetty>  
(RETURN if same as keystore password):  password  

Instead of the user entering these values, is there any way of providing these values without user interaction, either within the command or through a script?

Thanks

r3ap3r
  • Why don't you read this information from a property file? – Shamis Shukoor Nov 27 '12 at 05:58
  • There are more command line options - read http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html (including distinguished name) – Jayan Nov 27 '12 at 06:06
  • 7
    Just because the example used a local address, doesn't mean this issue is localised. I am in UK and just had the same question. Fortunately, because someone answered the question before it was closed, it just saved me a load of time trying to work out the answer. – Trevor North Feb 01 '15 at 18:59
  • 7
    This question was very useful and the answer helped out. Don't understand why it was closed. – Jose Martinez Mar 02 '15 at 15:21
  • 2
    Yet another example of trigger happy SO moderators ready to jump the gun at a moment's notice on closing actual, relevant, and useful questions so they can exercise the small amount of power they have to make themselves feel important. This was the first result when I searched this question on Google and it helped me solve my issue, unbelievable that it was closed simply because it referenced the asker's locale in the question. – Fam Aug 14 '15 at 19:43

3 Answers

195

Try this:

keytool -genkey -noprompt \
 -alias alias1 \
 -dname "CN=mqttserver.ibm.com, OU=ID, O=IBM, L=Hursley, S=Hants, C=GB" \
 -keystore keystore \
 -storepass password \
 -keypass password \
 -keyalg RSA
Nzall
Evgeniy Dorofeev
18

don't forget -noprompt, otherwise you will be asked to input Yes or No

star
  • 2
    If someone else had the same problem that there was a prompt even with this option: there are some commands that have -srckeypass and -srcstorepass. You may easily mix them. – benez Feb 08 '18 at 01:35
6

See the full documentation about the command line, or type keytool without any arguments.

Specifically, you may want to look at the options -storepass password -keypass password

Alex
Jayan
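
An added example, not taken from any of the answers above: the same non-interactive generation with -dname, -noprompt and -storepass, but with the password read from an owner-only file through keytool's :file modifier, so it does not appear in the process list or shell history, and with commas in DN values escaped. The function names, file paths and DN values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: scripted keystore generation with no password on the command line.

# Escape backslashes and commas so a value such as "Example, Inc."
# stays a single DN field instead of being split at the comma.
dn_escape() {
    printf '%s' "$1" | sed -e 's/[\\,]/\\&/g'
}

# Build the -dname string from CN, OU, O and C, four of the fields
# keytool would otherwise prompt for.
build_dname() {
    printf 'CN=%s, OU=%s, O=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" \
        "$(dn_escape "$3")" "$(dn_escape "$4")"
}

# gen_keystore KEYSTORE PASSFILE ALIAS DNAME
gen_keystore() {
    ks=$1 passfile=$2 alias=$3 dname=$4
    command -v keytool >/dev/null 2>&1 || {
        echo "keytool not found" >&2
        return 127
    }
    if [ ! -s "$passfile" ]; then
        # umask 077 makes the file owner-only before the secret is written.
        ( umask 077 && head -c 18 /dev/urandom | base64 > "$passfile" ) || return 1
    fi
    # -genkeypair is the current name of -genkey. With a PKCS12 store the
    # key password is the store password, so -keypass is not needed.
    keytool -genkeypair -noprompt \
        -alias "$alias" -dname "$dname" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -storetype PKCS12 -keystore "$ks" \
        -storepass:file "$passfile" </dev/null || return 1
    # Check that the entry was actually written under the expected alias.
    keytool -list -storetype PKCS12 -keystore "$ks" \
        -storepass:file "$passfile" -alias "$alias" >/dev/null
}
```

Call it as gen_keystore ./keystore.p12 ./keystore.pass jetty "$(build_dname jetty.example.test Jetty 'Example, Inc.' GB)"; the password file is created only if it does not already exist.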