security

Fix keytool Public Keys in Reply and Keystore Don't Match

Fix keytool error Public keys in reply and keystore do not match by importing the signed certificate into the same alias that generated the CSR. Verify public-key hashes and distinguish this error from missing CA chain …

Deepak Prasad6 min read
security

Generate a Self-Signed Certificate with keytool for localhost and IP SAN

Generate a PKCS12 keystore with keytool -genkeypair, add DNS and IP Subject Alternative Names for localhost and 127.0.0.1, verify with keytool -list -v, and see why CN alone fails modern HTTPS hostname checks.

Deepak Prasad7 min read
security

Import Certificate into Java cacerts on Ubuntu, Debian, RHEL, Rocky Linux

Import a CA or TLS certificate into Java cacerts on Ubuntu, Debian, RHEL, and Rocky Linux with keytool -importcert: locate cacerts, use a copy for safe testing, default password changeit, and distro-specific system trust …

Deepak Prasad6 min read
security

Import Root, Intermediate, and Server Certificate Chain with keytool

Import a TLS chain into a Java PKCS12 keystore with keytool: root CA and intermediate as trustedCertEntry, server reply on the PrivateKeyEntry alias, correct order, -trustcacerts, and chain verification with keytool …

Deepak Prasad7 min read
security

keytool vs OpenSSL: Which Tool to Use for Certificates and Keystores

Compare keytool and OpenSSL for CSR generation, remote certificate inspection with openssl s_client, PEM key handling, PKCS12 creation, Java keystore import, and TLS chain debugging — with a task-by-task table so you …

Deepak Prasad9 min read
security

Change Alias, Change Password, Delete Entries in Java Keystore

Rename keystore aliases with keytool -changealias, rotate the store password with -storepasswd, change per-key passwords on JKS (not PKCS12), and remove entries with -delete — with real PKCS12 and JKS output from Ubuntu.

Deepak Prasad7 min read
security

Export Certificate from Java Keystore in PEM and DER Format

Export a certificate from a Java keystore with keytool -exportcert: DER binary without -rfc, PEM text with -rfc, verify with keytool -printcert and file, and know when the private key is not included.

Deepak Prasad7 min read
security

List and Inspect Java Keystore Entries: Alias, Expiry, SAN, Fingerprint

Use keytool -list and keytool -list -v to read keystore aliases, entry types, SHA-256 fingerprints, certificate expiry, and Subject Alternative Names on PKCS12 files, plus an awk one-liner to spot certificates nearing …

Deepak Prasad6 min read
security

Convert JKS to PKCS12 and PKCS12 to JKS with keytool

Convert Java JKS keystores to PKCS12 and PKCS12 back to JKS with keytool -importkeystore, understand the proprietary JKS warning, and learn why OpenJDK defaults to PKCS12 since Java 9 (JEP 229).

Deepak Prasad7 min read
security

Import PKCS12/PFX into Java Keystore Using keytool

Import a PKCS12 or PFX bundle into a Java keystore with keytool -importkeystore, use PKCS12 directly as the store type on OpenJDK 9+, merge into an existing keystore, and verify PrivateKeyEntry after import.

Deepak Prasad6 min read
security

Import PEM Certificate and Private Key into Java Keystore

keytool cannot import a PEM private key on its own. Learn why -importcert creates trustedCertEntry instead of PrivateKeyEntry, then wrap cert and key with openssl pkcs12 -export and use keytool -importkeystore for a …

Deepak Prasad7 min read
security

Keystore vs Truststore in Java: Practical Difference with TLS Example

A Java keystore holds your TLS identity (private key and certificate chain). A truststore holds CA certificates you trust when validating peers. Learn PrivateKeyEntry vs trustedCertEntry, cacerts vs custom truststore, …

Deepak Prasad12 min read
security

Use Custom Java Truststore Instead of Editing cacerts

Prefer a custom PKCS12 truststore over editing JDK cacerts: isolate private CA trust per app, survive package upgrades, and set javax.net.ssl.trustStore without touching the global Java CA bundle.

Deepak Prasad7 min read
cheatsheet

keytool Command Examples in Linux: Complete Cheat Sheet

keytool is the Java CLI for keystores and truststores: generate key pairs, build CSRs, import CA-signed certificates and PKCS12 bundles, list aliases, export PEM certs, and manage passwords. This cheat sheet covers …

Deepak Prasad15 min read
security

How to Install keytool on Ubuntu

Fix keytool command not found on Ubuntu by installing OpenJDK (default-jdk or openjdk-21-jdk), set JAVA_HOME and PATH, verify with keytool -help, run a PKCS12 smoke test, update through apt, and uninstall cleanly.

Deepak Prasad9 min read
security

OpenSSL vs LibreSSL vs BoringSSL: Which TLS Library Should You Use?

Compare OpenSSL, LibreSSL, and BoringSSL for TLS and cryptography: intended audience, API stability, FIPS, how Linux distributions package each library, and when each is the right choice—with commands to verify what your …

Deepak Prasad12 min read
cheatsheet

OpenSSL Command Cheat Sheet: Keys, Certificates, TLS & PKCS#12

OpenSSL is the standard CLI for TLS keys, X.509 certificates, CSRs, chain verification, PKCS#12 bundles, file encryption, and live HTTPS inspection. This cheat sheet covers everyday subcommands with copy-paste tables and …

Deepak Prasad16 min read
security

PKI, Certificates, CA, CRL, and OCSP Explained for Beginners

Beginner-friendly PKI tutorial: public keys, X.509 certificates, Certificate Authorities, trust chains, SAN extensions, PEM and PFX formats, CRL vs OCSP revocation, TLS and mTLS handshakes—with diagrams and OpenSSL …

Deepak Prasad10 min read
security

How to Create PKCS12 from CRT and KEY with OpenSSL

Create a PKCS12 (.p12) keystore from CRT and KEY with OpenSSL pkcs12 -export for Java keytool, Oracle JSSE, and IBM apps. Covers alias, chain, self-signed certs, -legacy for older Java, cert-only bundles, and …

Deepak Prasad6 min read
security

How to Create a PFX from CRT and KEY with OpenSSL

Create a PFX or P12 file from CRT and KEY with OpenSSL pkcs12 -export: add intermediate chain with -certfile, set export password with -passout, and use -legacy for Windows IIS. Copy-paste examples with verification …

Deepak Prasad6 min read
security

How to Extract a Private Key from PFX with OpenSSL

Use OpenSSL pkcs12 to extract a private key, certificate, and CA chain from a PFX or P12 file on Linux. Covers password-protected and empty-password PFX, unencrypted PEM for nginx, -legacy for old Windows exports, and …

Deepak Prasad7 min read
security

How to Verify a Certificate Matches a Private Key with OpenSSL

Verify a certificate matches a private key with OpenSSL: compare RSA modulus MD5 hashes, use pkey -pubout for EC and ECDSA, check CSR alignment, and test encrypted keys. Covers nginx mismatch errors and copy-paste …

Deepak Prasad6 min read
security

Where Is OpenSSL Config, Certificates, and Libraries? (Linux & Windows)

Find where OpenSSL keeps openssl.cnf, trust-store certificates, libssl libraries, and the openssl binary on Linux and Windows. Use openssl version -d, which openssl, ldconfig, and OPENSSL_CONF when paths differ between …

Deepak Prasad9 min read
security

How to Install OpenSSL on Ubuntu

Install OpenSSL on Ubuntu with apt (openssl and libssl-dev), verify with openssl version, understand when the distro package is enough versus building from source, and generate a test TLS key and certificate.

Deepak Prasad5 min read
security

How to Generate a Self-Signed Certificate with OpenSSL

Generate a self-signed SSL certificate with OpenSSL in one command or via CSR: RSA 2048/4096, EC, Ed25519, SAN for localhost and IP addresses, encrypted keys, and nginx-ready PEM files. Copy-paste examples with real …

Deepak Prasad7 min read
security

3 Methods to Perform DNS Reconnaissance

DNS reconnaissance is a technique to gather information about DNS (Domain Name System) data. This process helps in identifying the network infrastructure and

Deepak Prasad5 min read
security

Active and Passive Reconnaissance Explained

Common active reconnaissance methods include the following:

Deepak Prasad4 min read
security

URL Fuzzer and Web Application Fuzzing Tools

Learn what a URL fuzzer does, how web application fuzzing works, when to use online URL fuzzers vs command-line tools, and how to choose between FFUF, Gobuster, Dirsearch, Wfuzz, Feroxbuster, and Burp Intruder for …

Deepak Prasad13 min read
security

How to Find Hidden API Endpoints

Learn practical and authorized ways to find hidden API endpoints using browser DevTools, JavaScript files, GitHub search, archived URLs, gau/getallurls, APK analysis, and JS recon tools such as LinkFinder and JSFScan.

Deepak Prasad11 min read
security

Ethical Hacking & Penetration Testing Tutorial (Hands-On)

Free, hands-on ethical hacking and penetration testing tutorial - lab setup, reconnaissance, password cracking, phishing, web/mobile pentesting, MITM attacks, and exploitation frameworks. 80+ practical lessons.

Deepak Prasad1 min read