Generates a key in a keystore.


Attribute Description Required
alias the alias to add under Yes.
storepass password for keystore integrity. Must be at least 6 characters long Yes.
keystore keystore location No
storetype keystore type No
keypass password for private key (if different) No
sigalg the algorithm to use in signing No
keyalg the method to use when generating name-value pair No
verbose (true|false) verbose output when signing No
dname The distinguished name for entity Yes unless <dname> element is specified
saname The subject alternative name for entity. Requires Java 7 or higher. No
validity (integer) indicates how many days certificate is valid No
keysize (integer) indicates the size of key generated No

Alternatively you can specify the distinguished name by creating a <dname> sub-element and populating it with <param> elements that have a name and a value. When using the subelement, it is automatically encoded properly and commas (,) are replaced with \,.


The following two examples are identical:

<genkey alias="apache-group" storepass="secret"
        dname="CN=Ant Group, OU=Jakarta Division,, C=US"/>
<genkey alias="apache-group" storepass="secret">
    <param name="CN" value="Ant Group"/>
    <param name="OU" value="Jakarta Division"/>
    <param name="O"  value="Apache.Org"/>
    <param name="C"  value="US"/>