JAVA Keytool command

Blog Post created by parda25 Employee on Mar 11, 2018


Java Keytool is included with JAVA and used to manipulate a key or certificate. This article is provide a quick reference to keytool commands when working with Java Keystores.


This example is tested in Windows OS and JAVA 1.8.


  1. Creating and Importing Keystore Entries

This section covers Java Keytool commands that are related to generating key pairs and certificates, and importing certificates.


1.1. Generate Keys in New/Existing Keystore

> "%JAVA_HOME%\bin\keytool" -genkeypair -alias capamsvr1 -keyalg RSA -keystore capam.keystore


1.2. Import existing certificate

> "%JAVA_HOME%\bin\keytool" -import -trustcacerts -file dppam311a.crt -alias cspmsvr311 -keystore capam.keystore



  1. Viewing Keystore Entries

This section covers listing the contents of Java Keystores, such as viewing certificate information or exporting certificates.


2.1. List keystore certificates

> "%JAVA_HOME%\bin\keytool" -list -v -keystore capam.keystore

-v: verbose mode


2.2. View Certificate Information

> "%JAVA_HOME%\bin\keytool" -printcert -v -file sydpam.crt



  1. Modifying Keystore

This section covers the modification of Java Keystore entries, such as deleting or renaming aliases.


3-1. Change Keystore Password

> "%JAVA_HOME%\bin\keytool" -storepasswd -new newpass -keystore capam.keystore


3-2. Delete certificate from keystore

> "%JAVA_HOME%\bin\keytool" -delete -alias cspmserver3 -keystore capam.keystore


3-3. Rename Alias

> "%JAVA_HOME%\bin\keytool" -changealias -alias cspmserver3 -destalias newdomain -keystore capam.keystore



This should cover the most common JAVA keytool command to manipulate Java Keystore.