keytool

Default password for a keystore

changeit

List the certificates in the store

keytool -list -keystore ./keystore.jks

Export a cert

keytool -export -alias ALIAS -keystore ./keystore.jks -file /tmp/FILE

Look at the exported cert with openssl

openssl x509 -text -inform DER -in /tmp/FILE

Look at a cert’s detalis with keytool

Provides very similar to the openssl command above.

keytool -keystore keystore.jks -list -v

Import a certificate

keytool -import -alias root -keystore ../cacerts -file ./certificate.crt

Export an entry from one keystore and import into another keystore

keytool -importkeystore -v -srckeystore SOURCE.p12 -destkeystore DEST.p12 -srcstoretype PKCS12 -srcalias localhost -destalias localhost