
How to delete already imported certificate/alias by keytool command?

Tags: java, ssl, keytool

I am trying to delete an already imported certificate by keytool command

 keytool -delete -noprompt -alias "initcert" -keystore keycloak.jks

But getting below exception

keytool error: java.lang.Exception: Keystore file does not exist: keycloak.jks

Same issue with

keytool -delete  -alias "initcert" -keystore keycloak.cer

issue

keytool error: java.lang.Exception: Keystore file does not exist: keycloak.cer

Now I am trying to import the certificate with the same alias name

 keytool -import -noprompt -trustcacerts -alias "initcert" -file "C:\Code_Base\keycloak_certificates\keycloak_135.250.138.74_server\keycloak.cer" -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

But it again ends with

keytool error: java.lang.Exception: Certificate not imported, alias already exists

Subodh Joshi asked Jan 11 '18 09:01



2 Answers

It seems you didn't write the full keystore path. The command should be like this:

keytool -delete -noprompt -alias "initcert" -keystore "C:\Path\to\your\keystore\keycloak.jks"

About the last error, as others pointed out, "cacerts" is a different keystore than your keycloak where you have already imported your certificate. You can check if your alias is in there by using the following command:

keytool -list -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

And to delete it:

keytool -delete -noprompt -trustcacerts -alias "initcert" -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"

Then, if you import the certificate again, the error would not appear.

Finally, one last thing, if there is an error like this

keytool error: java.io.FileNotFoundException: C:\Path\to\your\keystore\keycloak.jks (Permission denied)

You should execute the command window in Administrator mode.

mardo answered Sep 21 '22 21:09
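The list, delete and re-import sequence from the answer above, as one PowerShell script. This is an added example, not part of the original answer: the default paths are placeholders, the environment variable name KEYTOOL_STOREPASS is chosen here, and keytool is assumed to be on PATH.

```powershell
# Added example: replace the certificate stored under an alias in ONE specific keystore.
# Default paths are placeholders; pass the real ones as parameters.
param(
    [string]$Keystore = 'C:\Path\to\your\keystore\keycloak.jks',
    [string]$CertFile = 'C:\Path\to\your\cert\keycloak.cer',
    [string]$Alias    = 'initcert'
)

# keytool resolves a relative -keystore against the current directory, which is
# what produces "Keystore file does not exist". Resolve to absolute paths first;
# Resolve-Path stops the script here if either file is missing.
$Keystore = (Resolve-Path -LiteralPath $Keystore -ErrorAction Stop).Path
$CertFile = (Resolve-Path -LiteralPath $CertFile -ErrorAction Stop).Path

# Hand the password to keytool through an environment variable (-storepass:env)
# so that it does not appear in the process command line.
$secure = Read-Host -AsSecureString "Password for $Keystore"
$env:KEYTOOL_STOREPASS = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # -list -alias exits non-zero when the alias is absent from THIS keystore,
    # so an alias that lives in cacerts is not confused with one in keycloak.jks.
    & keytool -list -alias $Alias -keystore $Keystore -storepass:env KEYTOOL_STOREPASS | Out-Null
    if ($LASTEXITCODE -eq 0) {
        & keytool -delete -alias $Alias -keystore $Keystore -storepass:env KEYTOOL_STOREPASS
        if ($LASTEXITCODE -ne 0) {
            throw "Delete failed. For a keystore under Program Files, use an elevated prompt."
        }
    }

    # -noprompt is left out on purpose: keytool prints the certificate and its
    # fingerprints and asks for confirmation before the entry becomes trusted.
    & keytool -importcert -alias $Alias -file $CertFile -keystore $Keystore -storepass:env KEYTOOL_STOREPASS
    if ($LASTEXITCODE -ne 0) { throw "Import failed for alias '$Alias'." }

    # Show the entry that is now stored, for the record.
    & keytool -list -v -alias $Alias -keystore $Keystore -storepass:env KEYTOOL_STOREPASS
}
finally {
    # Do not leave the password in the session environment.
    Remove-Item Env:\KEYTOOL_STOREPASS -ErrorAction SilentlyContinue
}
```

When the target is the JDK's cacerts file, the imported certificate becomes trusted by every Java application that uses that JDK, so compare the fingerprint keytool displays with one obtained from the server's administrator before confirming.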


You can make use of KeyStore Explorer to check if it exists and manage your certs easily,

KeyStore Explorer Download Link

Just open your keystore file with the explorer, do the stuff you want and save it back.

Praveen answered Sep 21 '22 21:09