I have been playing with SSL connections between a Java application and a server lately and understanding the keytool command has helped troubleshooting. So here are my quick notes:

To list the content of a keystore you simply use this command:

keytool -v -list -keystore keystoreFileName

It is useful to remember that the default keystore is in the $JAVA_HOME/ jre/lib/security/cacerts file and that the default password for it is “changeit”.

I also used the printcert command to list the content of some certificate:

keytool -printcert -v -file entrust.cer

Posted on May 5