Troubleshooting keystore certificates using Java Keytool

Note: This knowledge article is simply a guide. The user holds responsibility to create a backup copy of the Truststore or KeyStore before performing any of the commands mentioned

 

Java KeyTool can be used to help troubleshoot issues with Symphony on-prem components such as KeyManager, Agent and Content Export Bridge.

 

Java Keytool enables you to manage certificates by viewing, exporting, deleting and importing certificates using the various commands detailed below.

 

Note: These commands will work only in a Linux environment

 

Export

1. To view and list the certificates within the Truststore or Keystore:

 

keytool -list -v -keystore <name-of-your-truststore-or-keystore>

 

2. Export to file a list of certificates within a specific Truststore or Keystore:

 

keytool -list -v -keystore <name-of-your-truststore-or-keystore> > <exported_certificates_list>.log

 

3. Export a specific certificate alias from your Truststore or Keystore:

 

keytool -exportcert -keystore <name-of-your-truststore-or-keystore> -alias <your-alias-name> -file <alias-filename-certificate>.cert

Delete

1. To delete a specific certificate alias from your Truststore or Keystore:

 

keytool -delete -alias <your-alias-name> -keystore <name-of-your-truststore-or-keystore>

Import

1. To import a specific certificate alias to your Truststore or Keystore:

 

keytool -importcert -trustcacerts -keystore <name-of-your-truststore-or-keystore> -file <filename-of-certificate>.cert -alias <your-alias-name>

Password Change

1. This command will help you change your Truststore or Keystore password:

 

keytool -storepasswd -keystore <name-of-your-truststore-or-keystore>

Alias Name Change

1. The following command will allow you to change the existing alias name to a new alias name:

 

keytool -changealias -alias "<existing-alias-name>" -destalias "<new-alias-name>" -keystore <name-of-your-truststore-or-keystore>

 

A password is present on all truststores or keystores. To avoid this password prompt, a user can append the following line to any of the commands above:

 

-storepass <your-keystore-password>

 

If you experience any issues with keystore certificates, please contact Symphony Support at support@symphony.com and inform them that you are experiencing issues with troubleshooting keystore certificates.