Creating Keys Using Java Keytool

The Java keytool application manages a  database of keys  and certificates.Users can create their own self-authenticated certificates and public/private key pairs.
1.Create A Pair Of Keys
In the open terminal/command window, type:

keytool –genkey –alias %alias% -keystore %keystore%

  Replacing  %alias%  with a name for your pair of keys and %keystore% with a name for your keystore, then press Enter.In this example, %alias% is KeyPair_1, and %keystore% is MyPrivateKey.store.Once you have completed these steps, your keystore will be saved on the computer.  It may be saved in your Documents folder, /home folder, or on the root drive.
2.Export A Certificate
In the terminal/command window, type:

keytool –export   –alias  %alias% -file  %file% -keystore %keystore%

  Replacing 
%alias% and %keystore%
 
with the values you used previously, and %file% with the name you would like to save your certificate as.In this example, %file% is Certificate1.cert, but you should name yours something different.You will also be asked for the keystore password.It will be saved in the same location as the keystore(usually your Documents or /home folder or the root drive).
3.Import A Certificate
In the terminal/command window, type:

keytool –import   –alias  %alias%   -file  %file% -keystore %keystore%

  Where %alias%  and %keystore% are 
differen
 
t values than you used previously, and %file% is the name of the file you saved your certificate to.You will also be asked to create a password for this new keystore. 
Usually you want to import your cetificate to jre's keystore,now fllowing steps:

cd  /usr/java/jdk/jdk1.6.0_29/jre/lib/security  # cd your $java_home/jre/lib/security

then import to jre keystore:

sudo  keytool -import -alias test -file /home/guolei/client.cert -keystore cacerts

jre's keystore default password is changeit,type the password,then everything is ok.