30

I have a key store file cacerts under jre/lib/security in which i added a Certicate by using the import command.

There are more than 50 certificates in my keystore. How do i find the alias name of the last imported certificate in the keystore. I want to delete the last added certificate for which i need the alias name. Kindly help.

user903676
  • 319
  • 1
  • 4
  • 10

4 Answers4

56

You can list all certificates in the keystore like

on Linux

keytool -list -v -keystore keystore.jks | grep "Alias name\|Creation date"

on Windows

keytool -list -v -keystore keystore.jks | findstr "Alias Creation"
SubOptimal
  • 22,518
  • 3
  • 53
  • 69
  • thanks SubOptimal for your answer. I was able to list all the aliases with the creation date. However i am not able to find the certificate which i added yesterday. It has all the certificates added till 2014. i dont see any certificates which is added in 2015. I added the certificate using the following approach, let me know if it is correct. 1)open the URL and export the certificate from the browser to desktop and save it as root.cer. 2) import this root.cer file into the cacerts keystore file using the import command provided by the keytool. – user903676 Jan 23 '15 at 09:22
  • 1
    Sounds correct. Could you please add the command you have entered to import the cer file into your question? – SubOptimal Jan 23 '15 at 09:57
  • pls find the command i used to import the certificate. keytool -import -file . it prompted me to enter the password i gave default pwd 'changeit'. then it asked option Trust this certificate(no) : i gave yes. and it gave the message "certificate was added successfully". – user903676 Jan 23 '15 at 10:18
  • Then I would guess the import might was failed. You could list without filter and check if the certificat was imported. Search for the server name or something on what you could identify the certifacte. – SubOptimal Jan 23 '15 at 10:39
  • I tried to list the certificates without the filter but was unsuccessful. could you please let me know how to list the certificates without filter. – user903676 Jan 23 '15 at 10:55
4

Have you tried listing all certificates.

keytool -list -v -keystore keys.store

It may be in the order they were added.

Also if you added the certificate via command prompt or terminal check history.

Simulant
  • 19,190
  • 8
  • 63
  • 98
yohanfernando
  • 61
  • 5
  • I added the certificate using command prompt. When i am trying to add the certificate again it says the alias already exists. However when i checked to verify the count of the certificates in the cacerts file before and after adding the certificate the count of the certificates remains same. When i imported the certificate into the keystre it gave me the msg "the certificate was added to the keystore". Now 1) how can i verify if the certificate was added correctly. 2)In order to remove the certificate i need to know the alias name, how to find the alias name of the certificate which i added. – user903676 Jan 23 '15 at 09:06
2

You can use java.security.KeyStore to load your keystore and use aliases() method to get Enumaration of all alias names in your keystore file.

java security.Keystore java doc

zatenzu
  • 347
  • 2
  • 10
0

you can use this command for find added certificate by alias:

keytool -list -v -keystore keystore.jks -alias mydomain
forpas
  • 160,666
  • 10
  • 38
  • 76
navid kholghi
  • 71
  • 7