I have been playing with SSL connections between a Java application and a server lately and understanding the keytool command has helped troubleshooting. So here are my quick notes:
To list the content of a keystore you simply use this command:
keytool -v -list -keystore keystoreFileName
It is useful to remember that the default keystore is in the $JAVA_HOME/ jre/lib/security/cacerts file and that the default password for it is “changeit”.
I also used the printcert command to list the content of some certificate:
keytool -printcert -v -file entrust.cer