How do i list certificates in a java keystore?

  • Man page for keytool.

    Java KeyStore - JKS. Stores authorization certificates or public key certificates, plus corresponding private keys.

    Java based application make use of the keystore, for example Apache Tomcat.

    Excerpt from Oracle Documentation:

    Most Java applications use the keystore that is supplied with the JDK to store cryptographic keys, X.509 certificate chain information, and trusted certificates. The default JDK keystore on Oracle Linux is the file /etc/pki/java/cacerts. You can use the keytool command to generate self-signed certificates and to install and manage certificates in the keystore.

    Sometime keystore file names will have the .jks suffix.

    List the keystore.

    $ keytool -list -keystore /home/trainer/.keystore
    Enter keystore password:  
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 1 entry
    tomcat, Mar 6, 2019, PrivateKeyEntry, 
    Certificate fingerprint (SHA1): 
    The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /home/trainer/.keystore -destkeystore /home/trainer/.keystore -deststoretype pkcs12".

    Note: The warning is as described and some java application allow alternative ways of providing certificated.


© Lightnetics 2019