rem keytool useful commands

REM delete a cert from the default .keystore
keytool -delete -alias phony

REM delete a cert from the cacerts file, ( password initially "changeit" (changeme on the Mac)
keytool -delete -alias phony -keystore "%JRE64\lib\security\cacerts"

REM list all .keystore certs
keytool -list -v | more

REM list all .keystore certs to a text file
keytool -list -v > allmycerts.txt

REM list just one .keystore cert
keytool -list -v -alias mycert | more

REM list all cacerts certificates ( password initially "changeit" (changeme on the Mac)
keytool -list -keystore "%JRE64\lib\security\cacerts" | more

REM list just one cacerts certificate ( password initially "changeit" (changeme on the Mac)
keytool -list -keystore "%JRE64\lib\security\cacerts" -alias thatcert | more

REM list display a standalone exported cert not inside .keystore or cacerts
keytool -printcert -v -file anycert.cer | more

REM export a code-signing authority cert from JRE cacerts, in binary format, public key only. You don't have the private key.
REM Prior to Java 1.6 use -export instead of -exportcert
keytool -exportcert -keystore "%JRE64\lib\security\cacerts" -storepass changeit -alias thawteserverca -file thawteserverca.cer

REM export a code-signing authority cert from JDK cacerts in printable format, public key only. You don't have the private key.
REM Though the exported cert is in armoured ASCII, it contains nothing human-readable.
keytool -exportcert -keystore "%JRE64\lib\security\cacerts" -storepass changeit -alias thawteserverca -file thawteserverca.cer -rfc

REM import an SSL/TLS certificate so Java can connect to https: sites using that cert.
keytool.exe -importcert -trustcacerts -keystore  "%JDK64\jre\lib\security\cacerts"  -storepass %cacertspassword -file %file -alias somealias