kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

Create Keystore with command line possible? #417

Closed Individuum92 closed 9 months ago

Individuum92 commented 1 year ago

Is there a way to create KeyStores by using the command line on Windows? If not (as it looks like), is it planned?

Thanks!

kaikramer commented 1 year ago

Well, keytool is the command line tool, KSE is the GUI tool.

TheBritz commented 1 year ago

@kaikramer I also have interest in somehow using the backend of your tool via CLI or some automation-compatible mechanism.

In our case we have a large number of micro-services that we need to generate individual self-signed certs for, to support the need for end-to-end TLS within our system. The problem that we are having right now is that, to fully establish the truststores, we need to import 100+ certs via keytool during our system initialization - one at a time - and keytool is very slow doing this. keytool doesn't support import of a trust bundle either sooooo hooray.

It appears that your tool is much more performant and could yield us significant benefits but only in a way that could be automated via our K8s init container scripting.

kaikramer commented 1 year ago

@TheBritz There is a much easier solution for your problem: All you need is a Java developer who then has to write maybe 30 lines of code using the KeyStore API for that task. This is really not difficult and there are plenty of examples available on the internet.

Both keytool and KSE are also based on the KeyStore API, but for your bulk-import issue you only need a tiny fraction of their feature set. A CLI tool specifically made for this task is the better option here IMHO.
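The bulk import discussed in this thread, sketched with the standard `java.security.KeyStore` API. This is an added example, not code from KSE or from any commenter; the class name `BulkTrustImport`, the `TRUSTSTORE_PASSWORD` environment variable, the PKCS12 store type and the fingerprint-based aliases are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.Collection;
import java.util.HexFormat;

// Added example: imports every certificate of a PEM bundle into one truststore in a single JVM run.
public class BulkTrustImport {
    public static void main(String[] args) throws Exception {
        Path bundle = Path.of(args[0]); // PEM file holding the concatenated certificates
        Path store = Path.of(args[1]);  // truststore to create or extend
        String pw = System.getenv("TRUSTSTORE_PASSWORD"); // assumed variable name; keeps the password off the command line
        if (pw == null) throw new IllegalStateException("TRUSTSTORE_PASSWORD is not set");
        char[] password = pw.toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (Files.exists(store)) {
            try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
        } else {
            ks.load(null, null); // start from an empty store
        }

        // One call parses all certificates in the bundle.
        Collection<? extends Certificate> certs;
        try (InputStream in = Files.newInputStream(bundle)) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }

        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        int added = 0;
        for (Certificate c : certs) {
            X509Certificate x = (X509Certificate) c;
            try {
                x.checkValidity(); // do not trust expired or not-yet-valid certificates
            } catch (CertificateException e) {
                System.err.println("skipping " + x.getSubjectX500Principal() + ": " + e.getMessage());
                continue;
            }
            // The SHA-256 fingerprint as alias makes re-runs idempotent and avoids alias collisions.
            String alias = HexFormat.of().formatHex(sha256.digest(x.getEncoded()));
            if (!ks.containsAlias(alias)) { ks.setCertificateEntry(alias, x); added++; }
        }
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }
        System.out.printf("%d certificates in bundle, %d added%n", certs.size(), added);
    }
}
```

With Java 17 or later this runs directly as `java BulkTrustImport.java bundle.pem truststore.p12`, so the store is loaded and written once instead of once per certificate.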