Tim Holloway wrote:Keytool operates on 2 password levels. One is for the keystore database itself and one is for the key entry. That's probably what's confusing you. Each key entry has its own password.
There's a GUI app called portacle that I have found invaluable for working with keystores. It not only allows you to do maintenance on keystores, you can also do imports, exports, and keytype conversions.
Incidentally, keystore databases are self-contained, so you can easily do offline maintenance and copy them to their proper home. Or create and destroy test keystores until you have what you want. I find this especially useful since my production servers don't run a GUI desktop, so I can use portacle locally and then copy the properly-configured keystore to its production home.
Tim Holloway wrote:Also: http://portecle.sourceforge.net/
This tool really does make it easier to work with keys and keystores. Sorry I misspelled it. "portacle" is a LISP development system unrelated to Java or keystores. You want portecle with an "e", not an "a".