# List all entries in a JKS
keytool -list -keystore mykeystore.jks -storepass changeit
# List all entries in a PKCS12
keytool -list -keystore mykeystore.jks -storepass changeit -storetype pkcs12
# List detailed information about all entries in a JKS
keytool -list -v -keystore mykeystore.jks -storepass changeit
# Rename an alias in a JKS
keytool -changealias -alias "client01" -destalias "client02" -keystore mykeystore.jks -storepass changeit
# Remove an alias in a JKS
keytool -delete -alias "client01" -keystore mykeystore.jks -storepass changeit
# Create a JKS with a self-signed certificate
keytool -genkey -keyalg RSA -alias client01 -keystore mykeystore.jks -storepass changeit -validity 365 -keysize 2048
# Create a JKS and import certificate from file (if keystore does not exist it will be created)
keytool -keystore mykeystore.jks -storepass changeit -import -file mycertfile.crt
# Import a certificate to trust to a jks
keytool -import -alias server01 -file server01.crt -keystore mykeystore.jks
# Change JKS keystore password
keytool -storepasswd -keystore mykeystore.jks
# Change a JKS key's password:
keytool -keypasswd -alias <key_name> -keystore mykeystore.jks
# Extract certificate from a jks keystore
keytool -export -keystore mykeystore.jks -alias client01 -file client01.crt
# Convert a PKCS12 (p12) certificate to JKS
keytool -importkeystore
-srckeystore mysourcekeystore.p12
-destkeystore mydestkeystore.jks
-srcstoretype PKCS12
-deststoretype JKS
-srcstorepass mysourcepassword
-deststorepass mydestpassword
-srcalias mysourcecertalias
-destalias mydetscertalias
-srckeypass mysourcekeypassword
-destkeypass mydestkeypassword
# Convert a JKS keystore to a PKCS12 keystore
keytool -importkeystore
-srckeystore mykeystore.jks
-destkeystore mykeystore.p12
-deststoretype pkcs12
# Generate a self-signed certificate and put it into a JKS (valid for 720 days)
keytool -genkey
-keyalg RSA
-alias server
-keystore selfsigned.jks
-validity 720
-keysize 2048
Tested on Red Hat 7 and Java 8
Google+
0 Comments.