Keytool is a tool used to manage java keystores. It allows to do the following:

• listing keystore contens
• changing (add/remove) keys and certificates
• generating keys and key pairs

Links:

• Self signed certificates for a known community

Help command is just:

keytool -h

Command to generate a key pair:

keytool -genkeypair -alias myalias -keyalg RSA -keysize 2048 -validity 730 -keystore ownjavakeystore.jks

Now to display the updated keystore content:

keytool -list -keystore ownjavakeystore.jks

Here is the command to export the myalias key pair into a certificate file called myalias.cer:

keytool -exportcert -keystore ownjavakeystore.jks -alias myalias -file myalias.cer