My Java Keytool cheat sheet

# List all entries in a jks
keytool -list -keystore mykeystore.jks -storepass changeit

# List detailed information about all entries in a jks
keytool -list -v -keystore mykeystore.jks -storepass changeit

# Rename an alias in a jks
keytool -changealias -alias "client01" -destalias "client02" -keystore mykeystore.jks -storepass changeit

# Remove an alias in a jks
keytool -delete -alias "client01" -keystore mykeystore.jks -storepass changeit

# Create a jks with a self-signed certificate
keytool -genkey -keyalg RSA -alias client01 -keystore mykeystore.jks -storepass changeit -validity 365 -keysize 2048

# Create a jks and import certificate from file (if keystore does not exist it will be created)
keytool -keystore mykeystore.jks -storepass changeit -import -file mycertfile.crt

# Import a certificate to trust to a jks
keytool -import -alias server01 -file server01.crt -keystore mykeystore.jks

# Change jks keystore password 
keytool -storepasswd -keystore mykeystore.jks

# Change a jks key's password:
keytool -keypasswd  -alias <key_name> -keystore mykeystore.jks

# Extract certificate from a jks keystore
keytool -export -keystore mykeystore.jks -alias client01 -file client01.crt

Tested on Red Hat 7 and Java 8

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">

This site uses Akismet to reduce spam. Learn how your comment data is processed.