"keytool -list" Command Examples - List Keystore Entries


How to use the "keytool -list" command? I want to see what in the keystore file.

✍: FYIcenter.com


Here is an example of using "keytool -list" command to display a list of all entries in the default keystore file:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -list
-storepass FYIcenter

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

2ndkey, Jul 4, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
mykey, Jul 1, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):

What this command did for you:

  • Open the default keystore file in your home folder: C:\Users\fyicenter\.keystore.
  • Read all entries in the keystore file.
  • Display the basic information of each entry: the alias name, creation date, type of the entry, fingerprint of the certificate.

Note that a "PrivateKeyEntry" entry contains both the private key and the self-signed certificate of the public key.

If you want to save the certificate in a file, you can use the "-file" option:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -exportcert
-storepass FYIcenter -alias 2ndkey -rfc -file 2nd_cert.pem

Certificate stored in file <2nd_cert.pem>

2012-07-19, 4733👍, 0💬