
If you are not familiar with the Java keytool command, check out our Getting Started article.
The Java keytool command with the -list option can be used to view certificates in a Java keystore or truststore file. For example, let's say you have a Java keystore or truststore file named "trusted_certs" in the /usr/local/certs directory.
AVOID TROUBLE
If the keystore or truststore type is PKCS12, the -storetype pkcs12 option must be used.
keytool -keystore "/usr/local/certs/trusted_certs" -storetype pkcs12 -list
If the Java keystore or truststore is password protected, you will be prompted for the password.
~]$ keytool -keystore "/usr/local/certs/trusted_certs" -storetype pkcs12 -list
Enter keystore password:
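Or, the -storepass option can be used to provide the password on the command line. A password given this way is visible in the shell history and in the process list while keytool runs.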
keytool -keystore "/usr/local/certs/trusted_certs" -storetype pkcs12 -list -storepass itsasecret
In this example, the keystore file contains two certificates, my_root_cert and my_server_cert.
Keystore type: pkcs12
Keystore provider: SUN
Your keystore contains 2 entries
my_root_cert, Aug 21, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 1E:0C:EB:DC:CA:E3:DC:16:76:77:EE:BE:91:9B:43:3D:9D:10:15:8E
my_server_cert, Oct 14, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 8A:7B:10:43:A1:BE:78:D0:CF:12:9F:02:8C:99:F2:3D:1A:69:81:1D
The -delete flag can be used to delete a certificate from a keystore.
keytool -keystore "/usr/local/certs/trusted_certs" -storetype pkcs12 -delete -alias my_server_cert
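As an added example (not part of the original article), the script below parses the -list output shown above and reports every entry whose fingerprint is not in a pinned list, which is a quick way to spot an unexpected trusted certificate before deciding whether to -delete it. The function names and the PINNED allow-list are assumptions made for the illustration, and the sample listing is the one from this article.

```shell
#!/bin/sh
# Added example: flag keystore entries whose fingerprint is not pinned.

# Constructed sample input: the -list output shown in this article.
SAMPLE_LISTING='Keystore type: pkcs12
Keystore provider: SUN
Your keystore contains 2 entries
my_root_cert, Aug 21, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 1E:0C:EB:DC:CA:E3:DC:16:76:77:EE:BE:91:9B:43:3D:9D:10:15:8E
my_server_cert, Oct 14, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 8A:7B:10:43:A1:BE:78:D0:CF:12:9F:02:8C:99:F2:3D:1A:69:81:1D'

# Hypothetical allow-list (space separated): only the root is expected.
PINNED='1E:0C:EB:DC:CA:E3:DC:16:76:77:EE:BE:91:9B:43:3D:9D:10:15:8E'

# stdin: keytool -list output. stdout: alias<TAB>entry type<TAB>fingerprint.
parse_keytool_list() {
  awk '
    # Entry line, e.g. "my_root_cert, Aug 21, 2019, trustedCertEntry,"
    /(trustedCertEntry|PrivateKeyEntry|SecretKeyEntry), *$/ {
      line = $0; sub(/, *$/, "", line)
      n = split(line, f, ", ")
      alias = f[1]; kind = f[n]
      next
    }
    # Fingerprint line for the entry above; any hash name is accepted.
    /^Certificate fingerprint \(/ && alias != "" {
      fp = $0; sub(/^[^:]*: */, "", fp)
      printf "%s\t%s\t%s\n", alias, kind, fp
      alias = ""
    }'
}

# Print alias<TAB>fingerprint for entries not in the pinned list ($1).
# Exit status is 1 when at least one unexpected entry is found.
unexpected_entries() {
  parse_keytool_list | awk -F '\t' -v pinned="$1" '
    BEGIN { n = split(toupper(pinned), p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    !(toupper($3) in ok) { print $1 "\t" $3; bad = 1 }
    END { exit bad + 0 }'
}

# With a real store, keep the password off the command line, for example:
#   keytool -keystore FILE -storetype pkcs12 -list -storepass:env STOREPASS \
#     | unexpected_entries "$PINNED"
printf '%s\n' "$SAMPLE_LISTING" | unexpected_entries "$PINNED" ||
  echo "unexpected entries found; review before trusting this store" >&2
```

Run against the sample, the script reports my_server_cert, because its fingerprint is not in the pinned list.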