KeyStore Explorer can help you with complex operations such as key pair generation and code signing. In this respect, the real merit of the developers has been the design of a graphic user interface to relieve you from the effort of using command-line utilities (Keytool and Jarsigner). The product is intended for Java developers, which explains why it seems so esoteric for the common user.
Let us start by taking a look at its interface, which is, after all, the real contribution. First, it looks quite outdated, although I do not think its potential users would mind that. Good news is that there is a sort of dashboard to start common operations such as creating and opening a KeyStore as well as opening and examining a certificate.
It is good that the application helps you follow the workflow. In this respect, you can begin by creating a KeyStore and picking a type from a list that includes JCEKS, JKS, PKCS #12, BKS-V1, UBER and BCFKS. Then, you should simply save the new KeyStore to a file, which also requires entering a KeyStore password. Next, you can proceed to generate a Key Pair, which is accessible from the menu. This time, you are asked to pick one of the algorithms (RSA, DSA and EC) and a Key Size. The following steps are editing the Key Pair name and adding certificate extensions.
Once you are done, the new entries are shown in KeyStore Explorer, from where you can browse, modify, import and export KeyStores. Likewise, it allows you to digitally sign Java applications. It is excellent that, thanks to the application’s support of a wide range of KeyStore, key pair, private key and certificate formats, it can be used to convert between them.
In general, KeyStore Explorer is definitely a convenient tool that saves you from memorizing and typing complex commands. However, compared with other similar tools, I think it is a shame that it does not support producing certificates in batches. The product is opensource and can be used for free.
v5.4 [Jan 3, 2019]
This release includes the following improvements and bug fixes:
Certificate serial numbers can now be entered in hexadecimal format as well (contributed by Stephen Tomkinson). Hex numbers are detected ...
if the input contains the letters a-f or A-F, for example "1a2b3c4d5e6f" or "1A2B3C4D5E6F" (decimal: 28772997619311)
or if the input starts with "0x", for example "0x12345678" would be interpreted as decimal 305419896
Additional button in "Certificate Extensions" window to save those extensions as a template (contributed by Stephen Tomkinson)
KSE allows now to select multiple entries by pressing SHIFT or CTRL and perform the following operations on all selected entries (contributed by Christoph Kaser):
cut
copy
paste
delete
Note that you have to use the "Edit" menu, the toolbar icons or the keyboard shortcuts (Ctrl-x, Ctrl-c, etc.) to select the operation. The right click menu cancels the selection of multiple entries.
Fixed AKI/SKI extensions and Issuer/Subject Organisation not shown in table view (reported by Michael Karnerfors)
Fixed AKI/SKI extensions not being updated when added from a template or CSR (reported by Michael Karnerfors)
Fixed an error when inspecting a SAN extension that contains a User Principal Name (reported by e4711s)
Key Usage extension is now correctly marked as critical in all default extension templates (reported by James K Polk)
macOS: Fixed an incompatibility with VAqua Look&Feel that caused a save dialog to be shown instead of an open dialog (reported by Filipe Forneck, fix contributed by Gary Bartlett)
macOS: VAqua Look&Feel is no longer the default
macOS: The application bundle now contains a custom Java runtime. This fixes issues with detection of JRE installations and notarization.
SHA256 is now used in timestamp requests (instead of SHA1)
PKCS#12 is now the default when creating a new keystore. This reflects the transition from JKS to PKCS#12 as the default keystore in Java 9 (JEP 229).
Updated Bouncy Castle library to version 1.66
