"keytool -list" Command Examples - List Keystore Entries

Q

How to use the "keytool -list" command? I want to see what in the keystore file.

✍: FYIcenter.com

A

Here is an example of using "keytool -list" command to display a list of all entries in the default keystore file:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -list
-storepass FYIcenter

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

2ndkey, Jul 4, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
8C:35:4B:1A:25:02:74:32:A8:2D:E4:01:E4:F3:93:13:F5:EE:C0:DA
mykey, Jul 1, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1):
FA:34:B5:C0:91:37:81:AD:E3:C6:3E:2D:0B:D7:3C:24:30:E0:42:29

What this command did for you:

  • Open the default keystore file in your home folder: C:\Users\fyicenter\.keystore.
  • Read all entries in the keystore file.
  • Display the basic information of each entry: the alias name, creation date, type of the entry, fingerprint of the certificate.

Note that a "PrivateKeyEntry" entry contains both the private key and the self-signed certificate of the public key.

If you want to save the certificate in a file, you can use the "-file" option:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -exportcert
-storepass FYIcenter -alias 2ndkey -rfc -file 2nd_cert.pem

Certificate stored in file <2nd_cert.pem>

2012-07-19, 4909👍, 0💬