rem keytool useful commands

REM delete a cert from the default .keystore
keytool -delete -alias phony

REM delete a cert from the cacerts file, password ( changeit )
keytool -delete -alias phony -keystore "J:\Program Files\java\jdk1.6.0_17.\jre\lib\security\cacerts."

REM list all .keystore certs
keytool -list -v | more

REM list all .keystore certs to a text file
keytool -list -v > allmycerts.txt

REM list just one .keystore cert
keytool -list -v -alias mycert | more

REM list all cacerts certificates ( password changeit )
keytool -list -keystore "J:\Program Files\java\jdk1.6.0_17.\jre\lib\security\cacerts." | more

REM list just one cacerts certificate ( password changeit )
keytool -list -keystore "J:\Program Files\java\jdk1.6.0_17.\jre\lib\security\cacerts." -alias thatcert | more

REM list display a standalone exported cert not inside .keystore or cacerts
keytool -printcert -v -file anycert.cer | more

REM export a code-signing authority cert from JRE cacerts, in binary format, public key only. You don't have the private key.
REM Prior to Java 1.6 use -export instead of -exportcert
keytool -exportcert -keystore "C:\Program Files\Java\jre1.6.0_17.\lib\security\cacerts." -storepass changeit -alias thawteserverca -file thawteserverca.cer

REM export a code-signing authority cert from JDK cacerts in printable format, public key only. You don't have the private key.
REM Though the exported cert is in armoured ASCII, it contains nothing human-readable.
keytool -exportcert -keystore "J:\Program Files\Java\jdk1.6.0_17.\jre\lib\security\cacerts." -storepass changeit -alias thawteserverca -file thawteserverca.cer -rfc