We saw how to import and list certificates. Certificates are stored under alias names, and we can delete them from the cacerts keystore file.
Sometimes you might have added a certificate by mistake. With the keytool -delete command, certificates can be removed one at a time by their alias name.
Syntax
keytool -delete -alias certificatealiasname -keystore cacerts
We have used two options here,
-alias - alias name of the certificate
-keystore - Keystore file name
We haven't used the -storepass option, so on entering the delete command keytool will prompt for the keystore password. This is the recommended approach: a password typed on the command line can end up in the shell history and is visible in the process list while the command runs. Let it prompt for your keystore password.
Command
Delete Certificate 1
keytool -delete -alias certificate1.cer -keystore cacerts
Enter keystore password:
Or pass the password with the -storepass option:
keytool -delete -alias certificate1.cer -keystore cacerts -storepass keywordpasswordhere
Delete Certificate 2
C:\Program Files\Java\jdk1.8\bin>keytool -delete -alias certificate2.cer -keystore cacerts
Enter keystore password:
If the keystore is a .jks file, use the following command:
C:\Program Files\Java\jdk1.8\bin>keytool -delete -alias certificate1.cer -keystore keystorefilename.jks
Enter keystore password:
It is recommended to take a copy of your cacerts or .jks keystore file as a backup before deleting the certificate.
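The backup, delete, and verify steps can be combined in one PowerShell script. This is an added example, not part of the original tutorial; the default keystore path and alias and the KS_PASS variable name are assumptions, and the password is passed through keytool's -storepass:env form so it is neither typed on the command line nor prompted for three times.

```powershell
# Added example: back up a keystore, confirm the alias exists, delete it,
# then confirm it is gone. Defaults below are placeholders; adjust them.
param(
    [string]$Keystore = "cacerts",
    [string]$Alias    = "certificate1.cer"
)

# Read the password without echoing it, then hand it to keytool through an
# environment variable (-storepass:env) instead of a command-line argument.
$secure = Read-Host -AsSecureString "Enter keystore password"
$env:KS_PASS = [System.Net.NetworkCredential]::new("", $secure).Password

try {
    # 1. Timestamped backup next to the original file.
    $backup = "$Keystore.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
    Copy-Item -Path $Keystore -Destination $backup -ErrorAction Stop
    Write-Host "Backup written to $backup"

    # 2. Confirm the entry is present; keytool exits non-zero when the alias
    #    does not exist or the password is wrong.
    & keytool -list -alias $Alias -keystore $Keystore -storepass:env KS_PASS
    if ($LASTEXITCODE -ne 0) {
        throw "Could not list '$Alias' (missing alias or wrong password); nothing deleted."
    }

    # 3. Delete the entry.
    & keytool -delete -alias $Alias -keystore $Keystore -storepass:env KS_PASS
    if ($LASTEXITCODE -ne 0) {
        throw "keytool -delete failed; restore from $backup if needed."
    }

    # 4. Verify: listing the alias must now fail.
    & keytool -list -alias $Alias -keystore $Keystore -storepass:env KS_PASS *> $null
    if ($LASTEXITCODE -eq 0) {
        throw "Alias '$Alias' is still present after delete."
    }
    Write-Host "Alias '$Alias' removed from $Keystore"
}
finally {
    # Clear the password from this session's environment.
    Remove-Item Env:KS_PASS -ErrorAction SilentlyContinue
}
```

Run it from the directory that contains keytool and the keystore, or pass full paths; to roll back, copy the .bak file over the keystore.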