Browse by distribution
Choose your Linux distribution to see install guides and configuration tutorials written for that OS.
Ubuntu tutorials
Step-by-step Ubuntu tutorials — install packages, configure services, and fix common issues on Ubuntu LTS and interim releases.
Debian tutorials
Debian administration and install guides — apt, systemd, and server configuration on Debian stable and testing.
Rocky Linux tutorials
Rocky Linux how-to guides — dnf, SELinux, systemd services, and RHEL-compatible administration.
RHEL tutorials
RHEL and Red Hat administration guides — subscription manager, dnf/yum, SELinux, and enterprise Linux configuration.
CentOS tutorials
CentOS and CentOS Stream administration — yum/dnf, services, and migration notes for RHEL-compatible systems.
AlmaLinux tutorials
AlmaLinux server guides — dnf, EPEL, systemd, and RHEL-compatible install and configuration steps.
Fedora tutorials
Fedora administration and development guides — dnf, systemd, and bleeding-edge Linux workflows.
Arch Linux tutorials
Arch Linux guides — pacman, AUR workflows, and rolling-release administration.
All Linux articles
Every tutorial tagged with the Linux category, including distribution-neutral guides.
All Linux articles
How to List Users in Linux (getent, passwd, who, id)
List users in Linux with getent, /etc/passwd, who, and id. Filter normal and system accounts, see logged-in sessions, and check whether a user exists on Ubuntu and RHEL.
SSH Authentication Methods in sshd_config (Password, Public Key, PAM)
Configure OpenSSH authentication in sshd_config: password, public key, keyboard-interactive, host-based, GSSAPI, AuthenticationMethods, and Match blocks on Linux.
How to View a Certificate with OpenSSL (PEM, CER, Chain, Bundle)
Use OpenSSL to view PEM, CRT, CER, chain, bundle, PFX, and P7B certificates. Check expiry, SAN, fingerprint, remote TLS certs, and verify chains.
How to List Groups in Linux and Check User Group Membership
List groups in Linux with getent, groups, id, and /etc/group. Check user group membership, list group members, and compare primary vs supplementary groups.
Set up Proxy using http_proxy, https_proxy and no_proxy in Linux
Learn how to configure http_proxy, https_proxy and no_proxy environment variables in Linux temporarily, permanently, system-wide, and for tools like curl, wget, apt, git and Docker.
How to Install Node.js on Ubuntu
Install Node.js on Ubuntu with apt nodejs, NodeSource setup scripts, NVM for multiple versions, or the official nodejs.org linux-x64 tar.xz under /opt, verify with node --version and npm --version, and uninstall per …
Automate keytool Certificate Import in Bash Safely
Back up a PKCS12 truststore, check the keytool alias and SHA-256 fingerprint, import a CA only when missing, and exit cleanly for Ansible, systemd, and CI pipelines.
Keytool & Java Keystore Tutorial for Beginners
Complete keytool tutorial for Java keystores and truststores - generate PKCS12 keys, import CA-signed chains, automate truststore imports with Bash, sign and verify JAR files with jarsigner, build mTLS keystores and …
Sign and Verify a JAR File with keytool and jarsigner
Create a code-signing keypair with keytool, sign a sample JAR with jarsigner, verify the signature, and read the PKIX chain warnings jarsigner prints for a self-signed certificate.
Create Java mTLS Keystore and Truststore with keytool
Create Java mTLS keystore and truststore files with keytool and OpenSSL, then run a mutual TLS HttpsServer lab that fails without a client cert and succeeds.
How to Configure Java javax.net.ssl.trustStore and keyStore Properties
Set javax.net.ssl.trustStore and keyStore JVM properties after building a PKCS12 file with keytool: property names, -D flags, JAVA_TOOL_OPTIONS, and a lab that fails without trustStore then succeeds.
How to Import Certificates into App-Specific Java Truststores
Fix PKIX after importing into the wrong cacerts. Find the Java truststore your app actually uses, including bundled JRE cacerts, and import with keytool.
Renew or Replace an Expired Certificate in an Existing Java Keystore
Renew an expired TLS certificate in an existing Java PKCS12 keystore by checking expiry with keytool -list -v, exporting a CSR from the same alias, and importing the CA-signed reply without deleting the private key.
Fix keytool Invalid keystore format Error
Fix keytool Invalid keystore format by matching JKS or PKCS12 storetype to the file, avoiding PEM certificates as keystores, and repairing empty or corrupt keystore paths.
Add Java Truststore in Docker and Kubernetes Using keytool
Build a custom PKCS12 Java truststore with keytool for Docker and Kubernetes: RUN importcert in the image, set JAVA_TOOL_OPTIONS with trustStoreType=PKCS12, or use an initContainer with a mounted CA Secret and emptyDir …
How to Find the Correct Java cacerts File Used by an Application
Find which Java cacerts file your application actually uses: compare JAVA_HOME, java.home, bundled JRE paths, and javax.net.ssl.trustStore overrides before importing a CA certificate.
Fix Java No Subject Alternative Names Present with keytool
Fix Java No subject alternative names present by adding DNS and IP SAN entries with keytool -ext SAN so the certificate matches the hostname or IP clients use.
Fix keytool Failed to establish chain from reply
Fix keytool Failed to establish chain from reply by importing missing intermediate and root CA certificates before the server reply, using the correct keystore alias, or importing a complete PKCS7 chain bundle.
Fix keytool Certificate not imported, alias already exists
Fix keytool Certificate not imported, alias already exists by listing aliases, deleting or renaming the old entry, and re-importing to the correct keystore with a unique alias.
Fix keytool Error: Input not an X.509 certificate
Fix keytool Input not an X.509 certificate by importing valid PEM, DER, or supported certificate-chain input instead of HTML, private keys, PFX files, or malformed PEM.
Fix java.security.UnrecoverableKeyException: Cannot recover key
Fix java.security.UnrecoverableKeyException: Cannot recover key by aligning keystore and private key passwords in Tomcat, Spring Boot, and KeyManagerFactory.
Fix Java keytool Keystore Was Tampered With or Password Was Incorrect
Fix keytool Keystore was tampered with, or password was incorrect by checking storepass, file path, JKS vs PKCS12, cacerts, import passwords, and corruption.
Configure Spring Boot HTTPS with keytool Keystore and Truststore
Enable Spring Boot HTTPS on port 8443 with a PKCS12 keystore from keytool, set server.ssl.key-store in application.properties, add an optional truststore for private CAs, and verify with Java HttpClient.
Configure Tomcat SSL Certificate with keytool Keystore
Enable Tomcat 10 HTTPS on port 8443 with a PKCS12 keystore from keytool: import the CA chain before the server certificate, set certificateKeystoreFile in server.xml, and verify the TLS handshake.
Fix Java PKIX Path Building Failed Using keytool Truststore
Fix javax.net.ssl.SSLHandshakeException PKIX path building failed by importing your private CA chain into a PKCS12 truststore with keytool, then point the JVM at it with javax.net.ssl.trustStore — without editing …
Create a CSR with keytool and Import a CA-Signed Certificate
Generate a private key with keytool -genkeypair, build a CSR with -certreq, sign it with a local OpenSSL CA, and replace the self-signed entry using -importcert on the same alias.
Fix keytool Public Keys in Reply and Keystore Don't Match
Fix keytool error Public keys in reply and keystore do not match by importing the signed certificate into the same alias that generated the CSR. Verify public-key hashes and distinguish this error from missing CA chain …
Generate a Self-Signed Certificate with keytool for localhost and IP SAN
Generate a PKCS12 keystore with keytool -genkeypair, add DNS and IP Subject Alternative Names for localhost and 127.0.0.1, verify with keytool -list -v, and see why CN alone fails modern HTTPS hostname checks.
Import Certificate into Java cacerts on Ubuntu, Debian, RHEL, Rocky Linux
Import a CA or TLS certificate into Java cacerts on Ubuntu, Debian, RHEL, and Rocky Linux with keytool -importcert: locate cacerts, use a copy for safe testing, default password changeit, and distro-specific system trust …
Import Root, Intermediate, and Server Certificate Chain with keytool
Import a TLS chain into a Java PKCS12 keystore with keytool: root CA and intermediate as trustedCertEntry, server reply on the PrivateKeyEntry alias, correct order, -trustcacerts, and chain verification with keytool …

