Keytool Commands

which keytool
The will display the default keytool path.

 1) keytool -list -cacerts
This will show cacerts in the server.

2) keytool -list -keystore cacerts

3) keytool --v list -keystore cacerts -storepassword "password"
This will show the certificate in verbose mode.

This will show keystore file. It will prompt for keystore password. You need to provide the password for keystore.


4) keytool --importcert -trustcacerts -noprompt -file "certificatename.cer" -cacerts -alias "certificatelabelname" -storepass "password of the file"
This will import the certificate into cacerts 

5) keytool --importkeystore -srckeystore "file.pfx" -srcstoretype pkcs12 -destkeystore "file.jks"-deststoretype JKS -srcstorepass "source keystore password" -deststorepass "destination key store password"
This will import pcks12 certificate that contains root and intermediate into jks format. 

5) keytool --importcert -alias "certificatename in targetfile" -file "file.crt" -keystore "file.jks" -storepass "password of store key password"
This will import new ca certificate into the jks file.

6) keytool  -printcert -file certificate.crt 

This will print the certificate of the file with certificate name , its validitiy and finger print.

7) keytool  -showinfo -tls

This will show the TLS version of the environment and chipers available in this.

8) keytool  -v -list -cacerts -alias "certificatename"

This will show the alias certificate name.

9) keytool -list -keystore -storetype pkcs12 -storepass "keystore password"

This will show the keystore in the server.

10) keytool -import -trustcacerts -alias "certificate alias name "-file C:\temp\mdeCert.cer -keystore cacerts

This will import the certificate into keystore.