20

I have sucessfully imported the certificate by below command:

keytool -import -alias "alias-name" -file 
  "C:\somepath\Certificate\portal.cer 
  -keystore C:\Program Files\Java\jdk1.7.0_79\jre\lib\cacerts"

Now I am trying to delete the imported certificate with 

keytool -delete -alias "alias-name" -keystore 
     "C:\Program Files\Java\jdk1.7.0_79\jre\lib\cacerts" -storepass changeit

But I am end with the below error message:

KeyTool error : java.lang.Exception : Alias does not exist

Reporter
  • 3,897
  • 5
  • 33
  • 47
Subodh Joshi
  • 12,717
  • 29
  • 108
  • 202
  • 1
    There are two quotation marks missing in the first command (after .cer and befor the keystore path). – Omikron Feb 22 '17 at 16:02

3 Answers3

14

For Ubuntu / Linux
List all entries from your keystore with the respective alias

keytool -list -v -keystore "myKeyStore.jks" -storepass myPassword

The verbose option '-v' is important, in order to see the aliases

Example output:

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: 1
Creation date: Dec 4, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=yourname.com, O=Your Name, C=XX
Issuer: CN=Issuer CA, O=Issuer Name, C=XX
Serial number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Valid from: Mon Feb 25 10:04:56 GMT 2019 until: Wed Feb 24 10:04:56 GMT 2021
Certificate fingerprints:
   SHA1: 9F:35:31:B1:A9:C2:37:8D:61:2F:9B:ED:82:3F:45:26:E1:D9:18:83
   SHA256: 34:65:C8:B6:4D:24:9D:20:3C:24:7B:B7:7B:F5:6B:F3:BE:79:11:BE:4F:8C:21:D2:9E:86:CC:AD:17:84:01:C4                                                        
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:  
...
Tim Menapace
  • 431
  • 4
  • 6
11

Check if the alias exists. You can list all entries using:

keytool -list -keystore "C:\Program Files\Java\jdk1.7.0_79\jre\lib\cacerts" -storepass changeit

This command will show all existing aliases in the file. If it's not there, that's why you can't delete it.

1

In sometimes you may get this error even the alias present in the keystore. Which may be you are not given the alias name properly while passing as arguments.

Ex : letsencryptisrgx1 [jdk]

In the above alias name you can see the square brackets which is the issue in my case.

When I give the entire name in double quotes it works.

 $JAVA_HOME/bin/keytool -list -v -alias "letsencryptisrgx1 [jdk]" -keystore $JAVA_HOME/lib/security/cacerts
Esakkiappan .E
  • 525
  • 6
  • 8