Fix keytool Public Keys in Reply and Keystore Don't Match
Fix keytool error Public keys in reply and keystore do not match by importing the signed certificate into the same alias that generated the CSR. Verify public-key hashes and distinguish this error from missing CA chain …
Generate a Self-Signed Certificate with keytool for localhost and IP SAN
Generate a PKCS12 keystore with keytool -genkeypair, add DNS and IP Subject Alternative Names for localhost and 127.0.0.1, verify with keytool -list -v, and see why CN alone fails modern HTTPS hostname checks.
Import Certificate into Java cacerts on Ubuntu, Debian, RHEL, Rocky Linux
Import a CA or TLS certificate into Java cacerts on Ubuntu, Debian, RHEL, and Rocky Linux with keytool -importcert: locate cacerts, use a copy for safe testing, default password changeit, and distro-specific system trust …
Import Root, Intermediate, and Server Certificate Chain with keytool
Import a TLS chain into a Java PKCS12 keystore with keytool: root CA and intermediate as trustedCertEntry, server reply on the PrivateKeyEntry alias, correct order, -trustcacerts, and chain verification with keytool …
keytool vs OpenSSL: Which Tool to Use for Certificates and Keystores
Compare keytool and OpenSSL for CSR generation, remote certificate inspection with openssl s_client, PEM key handling, PKCS12 creation, Java keystore import, and TLS chain debugging — with a task-by-task table so you …
Change Alias, Change Password, Delete Entries in Java Keystore
Rename keystore aliases with keytool -changealias, rotate the store password with -storepasswd, change per-key passwords on JKS (not PKCS12), and remove entries with -delete — with real PKCS12 and JKS output from Ubuntu.
Export Certificate from Java Keystore in PEM and DER Format
Export a certificate from a Java keystore with keytool -exportcert: DER binary without -rfc, PEM text with -rfc, verify with keytool -printcert and file, and know when the private key is not included.
List and Inspect Java Keystore Entries: Alias, Expiry, SAN, Fingerprint
Use keytool -list and keytool -list -v to read keystore aliases, entry types, SHA-256 fingerprints, certificate expiry, and Subject Alternative Names on PKCS12 files, plus an awk one-liner to spot certificates nearing …
Convert JKS to PKCS12 and PKCS12 to JKS with keytool
Convert Java JKS keystores to PKCS12 and PKCS12 back to JKS with keytool -importkeystore, understand the proprietary JKS warning, and learn why OpenJDK defaults to PKCS12 since Java 9 (JEP 229).
Import PKCS12/PFX into Java Keystore Using keytool
Import a PKCS12 or PFX bundle into a Java keystore with keytool -importkeystore, use PKCS12 directly as the store type on OpenJDK 9+, merge into an existing keystore, and verify PrivateKeyEntry after import.
Import PEM Certificate and Private Key into Java Keystore
keytool cannot import a PEM private key on its own. Learn why -importcert creates trustedCertEntry instead of PrivateKeyEntry, then wrap cert and key with openssl pkcs12 -export and use keytool -importkeystore for a …
Keystore vs Truststore in Java: Practical Difference with TLS Example
A Java keystore holds your TLS identity (private key and certificate chain). A truststore holds CA certificates you trust when validating peers. Learn PrivateKeyEntry vs trustedCertEntry, cacerts vs custom truststore, …
Use Custom Java Truststore Instead of Editing cacerts
Prefer a custom PKCS12 truststore over editing JDK cacerts: isolate private CA trust per app, survive package upgrades, and set javax.net.ssl.trustStore without touching the global Java CA bundle.
keytool Command Examples in Linux: Complete Cheat Sheet
keytool is the Java CLI for keystores and truststores: generate key pairs, build CSRs, import CA-signed certificates and PKCS12 bundles, list aliases, export PEM certs, and manage passwords. This cheat sheet covers …
How to Install keytool on Ubuntu
Fix keytool command not found on Ubuntu by installing OpenJDK (default-jdk or openjdk-21-jdk), set JAVA_HOME and PATH, verify with keytool -help, run a PKCS12 smoke test, update through apt, and uninstall cleanly.
OpenSSL vs LibreSSL vs BoringSSL: Which TLS Library Should You Use?
Compare OpenSSL, LibreSSL, and BoringSSL for TLS and cryptography: intended audience, API stability, FIPS, how Linux distributions package each library, and when each is the right choice—with commands to verify what your …
OpenSSL Command Cheat Sheet: Keys, Certificates, TLS & PKCS#12
OpenSSL is the standard CLI for TLS keys, X.509 certificates, CSRs, chain verification, PKCS#12 bundles, file encryption, and live HTTPS inspection. This cheat sheet covers everyday subcommands with copy-paste tables and …
PKI, Certificates, CA, CRL, and OCSP Explained for Beginners
Beginner-friendly PKI tutorial: public keys, X.509 certificates, Certificate Authorities, trust chains, SAN extensions, PEM and PFX formats, CRL vs OCSP revocation, TLS and mTLS handshakes—with diagrams and OpenSSL …
How to Create PKCS12 from CRT and KEY with OpenSSL
Create a PKCS12 (.p12) keystore from CRT and KEY with OpenSSL pkcs12 -export for Java keytool, Oracle JSSE, and IBM apps. Covers alias, chain, self-signed certs, -legacy for older Java, cert-only bundles, and …
How to Create a PFX from CRT and KEY with OpenSSL
Create a PFX or P12 file from CRT and KEY with OpenSSL pkcs12 -export: add intermediate chain with -certfile, set export password with -passout, and use -legacy for Windows IIS. Copy-paste examples with verification …
How to Extract a Private Key from PFX with OpenSSL
Use OpenSSL pkcs12 to extract a private key, certificate, and CA chain from a PFX or P12 file on Linux. Covers password-protected and empty-password PFX, unencrypted PEM for nginx, -legacy for old Windows exports, and …
How to Verify a Certificate Matches a Private Key with OpenSSL
Verify a certificate matches a private key with OpenSSL: compare RSA modulus MD5 hashes, use pkey -pubout for EC and ECDSA, check CSR alignment, and test encrypted keys. Covers nginx mismatch errors and copy-paste …
Where Is OpenSSL Config, Certificates, and Libraries? (Linux & Windows)
Find where OpenSSL keeps openssl.cnf, trust-store certificates, libssl libraries, and the openssl binary on Linux and Windows. Use openssl version -d, which openssl, ldconfig, and OPENSSL_CONF when paths differ between …
How to Install OpenSSL on Ubuntu
Install OpenSSL on Ubuntu with apt (openssl and libssl-dev), verify with openssl version, understand when the distro package is enough versus building from source, and generate a test TLS key and certificate.
How to Generate a Self-Signed Certificate with OpenSSL
Generate a self-signed SSL certificate with OpenSSL in one command or via CSR: RSA 2048/4096, EC, Ed25519, SAN for localhost and IP addresses, encrypted keys, and nginx-ready PEM files. Copy-paste examples with real …
3 Methods to Perform DNS Reconnaissance
DNS reconnaissance is a technique to gather information about DNS (Domain Name System) data. This process helps in identifying the network infrastructure and
Active and Passive Reconnaissance Explained
Common active reconnaissance methods include the following:
URL Fuzzer and Web Application Fuzzing Tools
Learn what a URL fuzzer does, how web application fuzzing works, when to use online URL fuzzers vs command-line tools, and how to choose between FFUF, Gobuster, Dirsearch, Wfuzz, Feroxbuster, and Burp Intruder for …
How to Find Hidden API Endpoints
Learn practical and authorized ways to find hidden API endpoints using browser DevTools, JavaScript files, GitHub search, archived URLs, gau/getallurls, APK analysis, and JS recon tools such as LinkFinder and JSFScan.
Ethical Hacking & Penetration Testing Tutorial (Hands-On)
Free, hands-on ethical hacking and penetration testing tutorial - lab setup, reconnaissance, password cracking, phishing, web/mobile pentesting, MITM attacks, and exploitation frameworks. 80+ practical lessons.






