Delete old Certificates from keytool
Article ID: 174921
Updated On:
Products
Issue/Introduction
You have an old certificate in your Keystore that needs to be removed and you don't really know it's name.
Resolution
You will use the Keytool application and list all of the certificates in the Keystore. Open an Administrator command prompt.
C:> keytool -list -keystore .keystore
(If keytool does not run from the directory you are in you will need to fix your Environment variables for JAVA, since Keytool is a JAVA app. Or you can change to the directory keytool is located.)
You may also need to put the full path to your keystore if you are not in the directory of your keystore .
Below are the various arguments you can use:
- -list
-
{-alias alias} {-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v | -rfc} {-protected} {-Jjavaoption}
This command by default prints the SHA1 fingerprint of a certificate. If the -v option is specified, then the certificate is printed in human-readable format, with additional information such as the owner, issuer, serial number, and any extensions. If the -rfc option is specified, then the certificate contents are printed using the printable encoding format, as defined by the Internet RFC 1421 Certificate Encoding Standard.
You cannot specify both -v and -rfc.
Then use Keytool again to delete the Certificate you don't want in your Keystore. Open an Administrator command prompt.
C:> keytool -delete -alias aliasname -keystore .keystore
Where "aliasname" is what you learned from the list command above.
Below are the various arguments you can use:
Feedback
