Search code examples
javakeytool

Java KeyTool generate certificate request not working

I'm trying to generate certification request with java, using keytool. Here's code I'm using to generate crs file:

String generateCertificationRequest = "keytool –certreq –alias keypair –keyalg RSA –file src/main/resources/client.csr "
                + "–keystore src/main/resources/newKeyStoreFileName.jks -storepass pass";

        Runtime rt = Runtime.getRuntime();
        Process proc = rt.exec(generateCertificationRequest);

Csr file is not created and I get this message:

Illegal option:  –certreq
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore
 -showinfo           Displays security-related information

Use "keytool -?, -h, or --help" for this help message
Use "keytool -command_name --help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.

The same command works in cmd and csr file is generated. Before this command I'm generating keypair using this code:

String generateKeyPair = "keytool -genkey -alias keypair \r\n"
                + "    -keyalg RSA -keystore src/main/resources/newKeyStoreFileName.jks \r\n"
                + "    -dname \"CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino, S=California, C=US\" \r\n"
                + "    -storepass pass -keypass pass";
Process proc1 = rt.exec(generateKeyPair);

Keypair is generated into jks file.

Solution

  • Your dashes are actually 'EN DASH' characters (U+2013). If I copy directly:

    $ echo "–certreq" | xxd
00000000: e280 9363 6572 7472 6571 0a              ...certreq.

    As opposed to if I type it out myself:

    $ echo "-certreq" | xxd
00000000: 2d63 6572 7472 6571 0a                   -certreq.

    So just a copy/paste error; probably wherever you're copying from is trying too hard to prettify the text, like a word processor or blog software might do. Try typing it out instead of copying.