Java "keytool -exportcert" Command Options


What options are supported by the "keytool -exportcert" command?



Java Keytool can be used to export a single certificate out of a key store file with the "keytool -exportcert" command which supports the following options:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -exportcert -help

keytool -exportcert [OPTION]...

Exports certificate


 -rfc                            output in RFC style
 -alias <alias>                  alias name of the entry to process
 -file <filename>                output file name
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
 -protected                      password through protected mechanism

Use "keytool -help" for all available commands

The "keytool -exportcert" command reads (from the keystore) the certificate associated with alias, and stores it in the file cert_file.

If no file is given, the certificate is output to stdout.

The certificate is by default output in binary encoding, but will instead be output in the printable encoding format, as defined by the Internet RFC 1421 standard, if the -rfc option is specified.

If alias refers to a trusted certificate, that certificate is output. Otherwise, alias refers to a key entry with an associated certificate chain. In that case, the first certificate in the chain is returned. This certificate authenticates the public key of the entity addressed by alias.

This command was named -export in previous releases. This old name is still supported in this release and will be supported in future releases, but for clarify the new name, -exportcert, is preferred going forward.

2012-07-19, 5749👍, 0💬