Core Java

Keytool in Java

1. What is Keytool?

A keytool is a command line platform in Java used for storing and generating certificates and private keys. It functions by enabling users to manage and access their public and private key pairs and certificates that are cached by the server due to previous authentifications and used for SSL/TLS connections. Inorder to access the keytool command line, type "Keytool" followed by pressing the key "Enter" in powershell, cmd.exe or other command line tools that can run in administrator mode. It can be illustrated like this:

Fig. 1. Keytool displays commands
Fig. 1. Keytool displays commands

2. Creating a Self-Signed Certificate

Self-signed certificates are certificates that are used to test the environment and are the best alternatives for purchasing and renewing yearly certifications. This certificate is issued and signed by the company or developer who is responsible for the website or software associated with the certificate. The example below shows you how to create one in your command-line tool.

Fig. 2. Creating Self-Signed Certificate
Fig. 2. Creating Self-Signed Certificate

3. Listing Certificates in the Keystore

Inorder to list the certificates present in our keystore, we use the "Keytool list command" as such:

Fig. 3. Listing Certificate in the Keystore
Fig. 3. Listing Certificate in the Keystore

4. CACERTS keystore

A "CACERTS" is a truststore. A truststore is a category of keystore. A truststore is used to authenticate peers meanwhile a keystore is used to authenticate yourself. Truststores are used to store certificates from certified authorities (CA) that verify certificates presented by the server through SSL connections while keystore is used to store private keys and certificates that are specific to both parties server and client for verification. This example shows you a CACERTS keystore:

Fig. 4. CACERTS Keystore
Fig. 4. CACERTS Keystore

5. Deleting an Alias

We use the “Keytool delete” command to delete any alias in the keystore. In this example we will show you how to delete an alias as shown:

Fig. 5.Deleting an Alias
Fig. 5. Deleting an Alias

6. Changing Java Keystore Password

Inorder to change a Java Keystore password, we use the "keytool -keypasswd" command. It should be noted here that the default Java keystore password is “change it”. It can be demonstrated like this:

Fig. 6. Changing Java Keystore Password
Fig. 6. Changing Java Keystore Password

7. Exporting Certificate from a Keystore

When trying to export a certificate from a keystore, we use the command "keytool -exportcert" an example is illustrated below:

Fig. 7. Exporting Certificate from a Keystore
Fig. 7. Exporting Certificate from a Keystore

8. Other Features

Incase you need to check the content of certificate you created, you can use the "keytool -printcert" command and it will show you every information you have in your certificate. Thanks for reading!

Want to know how to develop your skillset to become a Java Rockstar?

Join our newsletter to start rocking!

To get you started we give you our best selling eBooks for FREE!


1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design


and many more ....


Receive Java & Developer job alerts in your Area

I have read and agree to the terms & conditions


Amanye Sirri

Sirri holds an Engineering Diploma in Computer Science with a major in Software Engineering from the African Institute of Computer Science in Cameroon. During her studies, she has been involved with a large number of projects ranging from programming to software engineering and design and analysis. She works as a computer teacher where she teaches students how to code in Java.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Back to top button