A .jks file (Java Keystore) is a store of keys and certificates used in Java application development. To view it, you need keytool, a tool included in the JDK.
List the keystore contents#
To see all certificates and keys in the store:
keytool -list -v -keystore your_file.jksIt will ask for the keystore password. You’ll see a complete list of all aliases and their details.
To see a specific alias only:
keytool -list -v -keystore your_file.jks -alias your_aliasExport a certificate to a file#
To extract a certificate in readable format (.crt):
keytool -exportcert -alias your_alias -keystore your_file.jks -file certificate.crtThen you can open the .crt file with a text editor or certificate viewer.
View a private key#
To see the technical details of a key (algorithm, size, etc.), use:
keytool -list -v -keystore your_file.jks -alias your_aliasSecurity note: keytool doesn’t display the private key in plain text by design. If you absolutely need to export it, you must convert to PKCS12 first:
keytool -importkeystore -srckeystore your_file.jks -destkeystore store.p12 -deststoretype PKCS12Then extract the key with OpenSSL:
openssl pkcs12 -in store.p12 -nocerts -nodesGraphical alternative#
If you prefer not to use the terminal, download KeyStore Explorer (open-source tool). It lets you:
- Open
.jks,.p12, and other format files - View certificate details with a few clicks
- Export keys by right-clicking > “View Private Key”
- Inspect expiration dates and other details without terminal commands
It’s the most intuitive option if you don’t want to remember command syntax.