JDK-8191865 : keytool -help does not list all options
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: generic
  • CPU: generic
  • Submitted: 2017-11-24
  • Updated: 2017-12-14
  • Resolved: 2017-12-14
Related Reports
Relates :  
JDK-8150226 - doc change for JDK-8130302
Sub Tasks
JDK-8191962 :  
Missing option in keytool.html documentation - Resolved
Description
keytool -help does not list all options.
keytool -help lists below options
==
>keytool -help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.
==

Missing options
1) -keystore keystore can be directly used with keytool, keytool -help doesn't mention about that
example - keytool -keystore $KS -genkey -dname CN=fmatte -storepass $PASSWORD

2) -import can be directly used to import certificate
example keytool -import -v -trustcacerts -alias keyAlias  -file server.cer -keystore cacerts.jks

3) -export can be directly used to export certificate to local file
example keytool -export -alias keyAlias-storepass changeit  -file server.cer  -keystore keystore.jks

4) -selfcert can be directly used for self signing certs

5) -genkey can be directly used for generating key
Comments
The commands mentioned in the bug description are either obsolete or renamed and therefore do not appear on the help screen. They are still supported. -keystore is an option and does not show in "keytool -help". It appears in the help screen for a command, e.g. "keytool -help -list". See https://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html#Changes
14-12-2017
[~fmatte] It would be helpful to update this bug with specifically what is missing from keytool -help and put the doc issues in a subtask.
27-11-2017
keytool -help seems to be incomplete. Once that is updated then a docs bug should be created to ensure that the docs page is in sync.
27-11-2017
keytool -help is listing above options, this issue is for doc. https://docs.oracle.com/javase/9/tools/keytool.htm#JSWOR-GUID-5990A2E4-78E3-47B7-AE75-6D1826259549 page doesn't cover all the options. It misses above mentioned options.
27-11-2017
This is an issue with the keytool -help output. The keytool docs page should also be updated via a separate issue.
27-11-2017