What is Java keytool?
The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the Java keytool to delete an alias from a keystore. In many respects, keytool competes with openssl as a utility for keystore, key, and certificate management.
Use case to delete an alias from a keystore.
You should delete a keystore entry by its alias when the entry is no longer being used or the entry has an expired certificate. In the case of a trust store, an external trusted system will occasionally change its root certificates. When that happens, you should either update your alias with the new trusted root, or delete the alias and create a new entry with a new alias. It is considered best practice to routinely review the entries in your keystore and keep it updated with current key and cert data. Below we will demonstrate how to use keytool to remove an alias from a keystore.
What keytool command do I use to delete an alias from a keystore?
Use this command to delete an alias from a keystore using the Java keytool. The result will be the same keystore minus the deleted entry for the specified alias. Note that when the alias is not specified in the command, keytool will prompt you for it.
keytool -delete \
-alias example \
-keystore example.p12 \
-storepass changeit \
-storetype PKCS12 \
-v
Java keytool options:
-alias – The alias of the entry encapsulated in the keystore. The chosen value should enhance the readability of the keystore entries, especially when the keystore contains multiple entries.
-keystore – The filename of the keystore.
-storepass – The current keystore password. We recommend leaving this option off and letting keytool prompt you instead of writing your password in plain text here.
-storetype – Recommended keystore types include PKCS12 and JKS. In this case, the keystore was of type PKCS12.
-v – Verbose output.
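A scripted version of the deletion above, as an added example that is not from the original article: it confirms the alias exists, backs up the keystore, deletes the entry, and verifies that it is gone. The function name delete_alias and the KS_PASS variable are assumptions; the password is passed with keytool's -storepass:env modifier so it never appears on the command line or in shell history.

```shell
# delete_alias KEYSTORE ALIAS [STORETYPE]
# Added example. Expects the keystore password exported in KS_PASS
# (assumed variable name). Prints the backup path on success.
delete_alias() {
    ks=$1
    alias_name=$2
    ks_type=${3:-PKCS12}

    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 2; }
    [ -f "$ks" ] || { echo "no such keystore: $ks" >&2; return 2; }

    # Options shared by every keytool call below.
    set -- -alias "$alias_name" -keystore "$ks" \
           -storetype "$ks_type" -storepass:env KS_PASS

    # Stop early on a wrong alias, file, type or password.
    if ! keytool -list "$@" >/dev/null 2>&1; then
        echo "alias '$alias_name' not readable in $ks" >&2
        return 3
    fi

    # Keep a rollback copy; cp -p preserves the file's mode and timestamps.
    # The copy still holds the deleted key material, so remove it once the
    # rollback window has passed.
    backup="$ks.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$ks" "$backup" || return 4

    if ! keytool -delete "$@" >&2; then
        echo "delete failed, restoring $ks" >&2
        cp -p "$backup" "$ks"
        return 5
    fi

    # Verify the entry is really gone before reporting success.
    if keytool -list "$@" >/dev/null 2>&1; then
        echo "alias '$alias_name' still present, restoring $ks" >&2
        cp -p "$backup" "$ks"
        return 6
    fi

    echo "$backup"
}

# Usage (read the password without echoing it, then export it):
#   stty -echo; read -r KS_PASS; stty echo; export KS_PASS
#   delete_alias example.p12 example PKCS12
```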
Using keytool to delete an alias is a powerful and convenient way to remove old or unnecessary private key entries from your keystore. Let us know in the comments if you would like to see more examples of how to use keytool to remove an alias from a keystore.
Here are the official keytool docs to dive further into how to delete an alias from a keystore. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__EXPORTDATA-507D3175