View what’s inside the Keystore

I have a file with java keystore type that I would like to inspect. Can the contents of the keystore of java be viewed if I don’t have it password? I want to verify an SSL certificate is inside of it. Maybe also check the details are correct, expiration date and so on. What tool can be used to open the keystore?


The normal notion that because the Java Keystore (JKS for short) asks for a password, then I cannot see what is in it is not entirely correct. The password for the JKS does not prevent that. Instead the purpose of the password is to protect the integrity of the JKS. The intention is that without the password, I should not be able to modify the contents, such as adding certificates or deleting some.

With the proper tool I can still read what is inside of a JKS. Normally we just use the keytool. This command line tool usually comes with the Java installation in your system. Try to find it in the installation directory of Java. It resides together with other Java binaries in the ../bin/ directory.

Without password warnings will be displayed, like this one:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

How to print what is inside the JKS:

(1) View all as a list

:~$ keytool -list -keystore /path/to/keystore/file

(2) View all as a list with details

:~$ keytool -list -v -keystore /path/to/keystore/file

(3) View a specific entry only using alias with details (The alias is the text that comes out in command #1 before the date, without the comma)

:~$ keytool -list -alias "the alias text" -v -keystore /path/to/keystore/file