What is Java keytool?
The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool to change a private key alias in a keystore. In many respects, it’s a competing utility with openssl for keystore, key, and certificate management.
What is a keytool private key alias?
The alias on a private key entry in a keystore is simply a word or name to quickly identify the private key. The alias can be practically anything you want it to be and is for readability purposes. When listing the content of a keystore, a human identifiable alias is helpful. When used by a software program, human readability is less important, however, developers usually still choose an easily readable and identifiable alias. Keytool provides a function for changing the alias name with the changealias flag, detailed below.
What keytool command do I use to change a private key alias?
Use this command to change the private key alias in a keystore. The result will be a new alias on the key entry. Many times when generating a keystore, the alias option is ignored, giving the private key entry a generic alias. If that is the case, many times the alias will be “1” or if imported from another keystore, the previous alias for that entry. To use keytool change alias, run this command.
keytool -changealias \
-alias example \
-destalias example.com \
-keypass changeit \
-keystore example.p12 \
-storepass changeit \
-storetype PKCS12 \
-v
Java keytool options:
Options breakdown:
-alias
– The alias of the private key entry to be changed.
-destalias
– The alias of the private key entry after completion of the command.
-keypass
– The password of the private key. This should have been set to be the same as the keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.
-keystore
– The keystore file.
-storepass
– The keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.
-storetype
– Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.
-v
– Verbose

Here are the official keytool docs to dive further into how to use java keytool to change a private key’s alias. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__MANAGETHEKEYSTORE-507D231A
Leave a Reply