Android Program Signature File

Keywords: encoding

J2SDK provides the keytool command-line tool, which creates digital certificates from the parameters you specify. The generated certificate or keystore (certificate library) is stored by default in the current working directory of the command line.

1. Create digital certificates

  keytool -genkey -v -alias scent -dname "CN=John,OU=MNG,O=Corp,L=Hangzhou,ST=Zhejiang,C=CN" -keyalg RSA -keysize 2048 -keypass 123456 -keystore prospectlib -storepass 123456 -storetype JCEKS -validity 900

Note: -genkey can also be written as -genkeypair.

The fields of the -dname value are:
CN (Common Name): first and last name
OU (Organizational Unit): organizational unit name
O (Organization): organization name
L (Locality): city or area name
ST (State): state or province name
C (Country): country name

2. List all digital certificates in the keystore

  keytool -list -rfc -keystore prospectlib -storepass 123456 -storetype JCEKS

Note: If the keystore is not of the default store type, the type must be specified explicitly.

3. Check certificate details

  keytool -list -v -alias scent -keystore prospectlib -storepass 123456 -storetype JCEKS

Note: If the keystore is not of the default store type, the type must be specified explicitly.

4. Import Certificate

  keytool -import -v -trustcacerts -alias scent -file scent.cer -keypass 123456 -keystore prospectlib -storepass 123456

Note:
-import can also be written as -importcert.
-trustcacerts and -v can be omitted; the effect is the same.

5. Export Certificate

  keytool -export -alias scent -file scent.cer -keystore prospectlib -storepass 123456

Note: -export can also be written as -exportcert.

6. Delete certificates

  keytool -delete -alias scent -keystore prospectlib -storepass 123456 -storetype JCEKS

Note: If the keystore is not of the default store type, the type must be specified explicitly.

7. Generate a certificate signing request (CSR)

  keytool -certreq -alias scent -sigalg "MD5withRSA" -file scent.csr -keypass 123456 -keystore cacerts.jks -storepass 123456

Note: The generated scent.csr file is sent to a CA to apply for a signature.

8. Display certificates

  keytool -printcert -v -file scent.cer


9. Change the certificate alias

  keytool -changealias -v -alias scent -destalias perfume -keystore prospectlib -storepass 123456


10. Import a keystore

  keytool -importkeystore -v -srckeystore prospectlib -srcstoretype JKS -srcstorepass 123456 -destkeystore intrinsic -deststoretype JKS -deststorepass 123456 -srcalias "terrific prospect" -destalias "terrific prospect"

Note: If -srcalias and -destalias are not provided, all certificates from the source keystore are imported into the destination keystore.

11. Modify the certificate password

  keytool -keypasswd -alias brilliant -keystore range -storepass 123456 -keypass 123456 -new 654321

Note: If -keypass is not provided, you will be prompted to enter a new password.

12. Modify the keystore password

  keytool -storepasswd -v -new 654321 -keystore range -storepass 123456 -storetype JKS



Detailed parameters:
-dname "CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx"    The distinguished name (DN) is "CN=..."
-alias scent              The certificate with the alias scent
-keyalg
     DSA RSA              DSA or RSA algorithm (when using -genkeypair)
     DES DESede AES       DES, DESede or AES algorithm (when using -genseckey)
-keysize
     512 ~ 1024           Key length from 512 to 1024, in multiples of 64 (when using -genkeypair and -keyalg DSA)
     > 512                Key length greater than 512 (when using -genkeypair and -keyalg RSA)
     56                   Key length 56 (when using -genseckey and -keyalg DES)
     112 168              Key length 112 or 168 (when using -genseckey and -keyalg DESede)
     128 192 256          Key length 128, 192 or 256 (when using -genseckey and -keyalg AES)
-keypass 123456           The private key password for this certificate is 123456
-keystore prospectlib     The name of the keystore is prospectlib
-storepass 123456         The access password of the keystore is 123456
-validity 900             The certificate is valid for 900 days
-file scent.cer           Import the certificate from the file scent.cer, or export it to the file scent.cer
-v                        Display detailed information
-rfc                      Print certificates in Base64-encoded format
-storetype JCEKS          The type of the keystore is JCEKS. Commonly used types are JKS (default), JCEKS (recommended), PKCS12, BKS and UBER. Each keystore has exactly one of these types.
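
The commands on this page pass passwords as literal -storepass/-keypass values, and section 7 requests an MD5withRSA signature. The following shell function is an added example, not part of the original post: it checks a keytool argument list for those settings and for weak -keyalg/-keysize choices. The names audit_keytool and flag, the finding labels and the 2048-bit threshold are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag risky options in a keytool argument list.
# The rule set and function names are assumptions of this example.

flag() { findings="${findings}$1
"; }

audit_keytool() {
    findings="" alg="" size=""
    while [ $# -gt 0 ]; do
        case "$1" in
            # A literal password after these flags ends up in shell history
            # and process listings. keytool's -storepass:env and
            # -storepass:file forms are deliberately not matched here.
            -storepass|-keypass|-srcstorepass|-deststorepass|-srckeypass|-destkeypass|-new)
                flag "PASSWORD_ON_CMDLINE:$1" ;;
            -sigalg)
                case "${2:-}" in
                    MD2*|MD5*|SHA1*) flag "WEAK_SIGALG:$2" ;;
                esac ;;
            -keyalg)  alg=${2:-} ;;
            -keysize) size=${2:-} ;;
        esac
        shift
    done
    case "$alg" in
        DES|DESede) flag "WEAK_KEYALG:$alg" ;;
        RSA|DSA)
            # Assumed policy: RSA and DSA keys of at least 2048 bits.
            case "$size" in
                ''|*[!0-9]*) ;;  # no numeric -keysize to compare
                *) if [ "$size" -lt 2048 ]; then flag "SHORT_KEY:$alg-$size"; fi ;;
            esac ;;
    esac
    # One finding per line; empty output means nothing was flagged.
    printf '%s' "$findings"
}

# The CSR command from section 7 of this page, passed as arguments.
audit_keytool -certreq -alias scent -sigalg "MD5withRSA" -file scent.csr \
    -keypass 123456 -keystore cacerts.jks -storepass 123456
```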

Posted by sobbayi on Thu, 21 Mar 2019 19:57:52 -0700