Troubleshooting keystore certificates using Java Keytool

This knowledge article has been developed for users as a guideline.

  • The user holds the responsibility of creating a backup copy of the Truststore or KeyStore before performing any of the commands mentioned.
  • The commands only work in a Linux environment.
  • Java KeyTool can be used to help troubleshoot issues with Symphony on-prem components such as a Key Manager (KM), an Agent and a Content Export Bridge (CEB). Java KeyTool enables you to manage certificates by viewing, exporting, deleting and importing certificates, amongst other things, using the commands detailed below.

View

To view and list the certificates within the Truststore or Keystore:

keytool -list -v -keystore <name-of-your-truststore-or-keystore>

Export

To export a list of the certificates within a specific Truststore or Keystore to a file:

keytool -list -v -keystore <name-of-your-truststore-or-keystore> > <exported_certificates_list>.log

Export a specific certificate alias from your Truststore or Keystore:

keytool -exportcert -keystore <name-of-your-truststore-or-keystore> -alias <your-alias-name> -file <alias-filename-certificate>.cert
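
When troubleshooting, the exported certificate list is often checked for expired entries. The script below is an added example, not part of the original article or of Symphony's tooling: it reads a list export and prints each alias whose certificate expired on or before a cutoff date. It assumes English-locale keytool output; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries in a `keytool -list -v` export whose certificate
# expired on or before a cutoff date. Assumes English-locale keytool output.
# expired_aliases and write_sample are hypothetical helper names.

# usage: expired_aliases <list-export.log | -> <YYYYMMDD>
expired_aliases() {
    awk -v cutoff="$2" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        /^Alias name: / { alias = substr($0, 13) }   # text after "Alias name: "
        /^Valid from: .* until: / {
            # Tail looks like: Sun Jan 05 00:00:00 UTC 2020
            s = $0; sub(/^.* until: /, "", s)
            k = split(s, f, " ")
            ymd = sprintf("%04d%02d%02d", f[k], mon[f[2]], f[3])
            if (ymd + 0 <= cutoff + 0) print alias " " ymd
        }
    ' "$1"
}

# Constructed sample in the layout keytool prints (not real certificates).
write_sample() {
    cat <<'EOF'
Alias name: old-root
Creation date: Jan 5, 2015
Entry type: trustedCertEntry

Owner: CN=Example Old Root
Issuer: CN=Example Old Root
Valid from: Mon Jan 05 00:00:00 UTC 2015 until: Sun Jan 05 00:00:00 UTC 2020

Alias name: agent
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=agent.example.internal
Valid from: Wed Mar 01 00:00:00 UTC 2023 until: Fri Mar 01 00:00:00 UTC 2030

Alias name: ceb
Entry type: trustedCertEntry
Owner: CN=ceb.example.internal
Valid from: Sat Dec 31 00:00:00 UTC 2022 until: Sun Dec 31 00:00:00 UTC 2023
EOF
}

write_sample | expired_aliases - 20240101
```

Against a real export, pass the log file name in place of "-" and today's date from date +%Y%m%d as the cutoff. For an entry with a certificate chain, every certificate in the chain is checked and reported under the entry's alias.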

Delete

To delete a specific certificate alias from your Truststore or Keystore:

keytool -delete -alias <your-alias-name> -keystore <name-of-your-truststore-or-keystore>

Import

To import a specific certificate alias to your Truststore or Keystore:

keytool -importcert -trustcacerts -keystore <name-of-your-truststore-or-keystore> -file <filename-of-certificate>.cert -alias <your-alias-name>

Password Change

This command will allow you to change your Truststore or Keystore password:

keytool -storepasswd -keystore <name-of-your-truststore-or-keystore>

Alias Name Change

This command will allow you to change the existing alias name to a new alias name:

keytool -changealias -alias "<existing-alias-name>" -destalias "<new-alias-name>" -keystore <name-of-your-truststore-or-keystore>

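Note: A password is set on every truststore and keystore, and keytool prompts for it when running the commands above. A password passed on the command line typically ends up in the shell history and is visible in the process list while the command runs. To avoid the password prompt, a user can append the following option to any of the commands above: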

-storepass <your-keystore-password>

If you experience any issues with keystore certificates, please contact Symphony Support at support@symphony.com and inform them that you are experiencing issues with troubleshooting keystore certificates.