Java keytool

List certificates

keytool -list -keystore keystore.jks -v

keytool -list -keystore server.p12 -storetype PKCS12 -v

Convert from JKS to P12

keytool -importkeystore -srckeystore keystore.jks \
-srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

Convert from P12 to JKS

keytool -importkeystore -srckeystore keystore.p12 \
-srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

Import a root or intermediate CA certificate to an existing Java keystore

keytool -import -trustcacerts -alias rootCA -file CAcert.crt \
-keystore keystore.jks

jinfo ”can’t attach to the process”

Tried to run jinfo on my Ubuntu 12.04 and got this error message:

$ ./jinfo <vmid>
Error attaching to process: sun.jvm.hotspot.debugger.DebuggerException: Can't attach to the process

enabled debugging:

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

and tried again:

$ ./jinfo <vmid>
Attaching to process ID <vmid>, please wait...
Debugger attached successfully.
Server compiler detected.

Solution found here:

Java parameters

Dump of the GC history when OOM exception.


Conf java for remote JMX

GC logging

Requires at least java 1.6.0_45

-Xloggc:/tmp/gc.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=50M

can be adde to .lax-file

Install Java 6 in Ubuntu

Java 6

Download jdk-6u45-linux-x64.bin from Oracle

$ chmod +x jdk-6u45-linux-x64.bin
$ ./jdk-6u45-linux-x64.bin
$ sudo mv jdk1.6.0_45 /opt
$ sudo update-alternatives --install "/usr/bin/java" "java" "/opt/jdk1.6.0_45/bin/java" 1
$ sudo update-alternatives --install "/usr/bin/javac" "javac" "/opt/jdk1.6.0_45/bin/javac" 1
$ sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/opt/jdk1.6.0_45/bin/javaws" 1

$ sudo update-alternatives --set java /opt/jdk1.6.0_45/bin/java
$ sudo update-alternatives --set javac /opt/jdk1.6.0_45/bin/javac
$ sudo update-alternatives --set javaws /opt/jdk1.6.0_45/bin/javaws
($ sudo update-alternatives --config java)

Edit /etc/profile

export JAVA_HOME
export PATH

Run java monitoring tools inside a JRE (not JDK)

Monitoring tools are not included in JRE so if you can’t install a JDK the following files can be copied to the JRE.
Note! The JDK must match the JRE version.

All platforms

<JDK_ROOT>/lib/tools.jar –> <JRE_ROOT>/lib/tools.jar
<JDK_ROOT>/lib/jconsole.jar –> <JRE_ROOT>/lib/jconsole.jar

Ubuntu 12.04

<JDK_ROOT>/jre/lib/amd64/ –> <JRE_ROOT>/bin/
<JDK_ROOT>/bin/jconsole –> <JRE_ROOT>/bin/jconsole
<JDK_ROOT>/bin/jmap –> <JRE_ROOT>/bin/jmap
<JDK_ROOT>/bin/jps -> <JRE_ROOT>/bin/jps


<JDK_ROOT>\bin\jconsole.exe –> <JRE_ROOT>\bin
attach.dll – <JRE_ROOT>\bin
jmap.exe – <JRE_ROOT>\bin
jps.exe - <JRE_ROOT>\bin

Info found here:

Monitor Java app started as Windows Service under local system account

1. Install a service using sc.exe – that will open a command prompt under local service account by executing this on cmd window

sc create debugservice binpath= "cmd /K start" type= own type= interact

2. sc start debugservice

(on a remote desktop session, this service has to be started only in console session for the command prompt window to pop up)
will print message that [SC] StartService FAILED 1053: but will start a command prompt under local system account.

3. Launch e.g. jconsole.exe


Properties in LAX-file

Logging to console during manual installations

# export LAX_DEBUG=true

Set temp directory, default ”/tmp”

# export IATEMPDIR=temp_dir

Create response file for silent installation

# ./<installer>.bin -i console -r <filename>

Silent install with response file

# ./<installer>.bin -i silent -f <filename>

Java service in headless environment


When running java service on Linux or Unix and getting the following error message:
java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11GraphicsEnvironment


Add the Java parameter -Djava.awt.headless=true to the script file that starts the application.