1. Overview
In this tutorial, we’ll learn two different methods for changing the alias of a key within a Java keystore.
2. Setup
First, let’s use the keytool utility to create a test keystore file with a single key:
keytool -genkey \
-keyalg rsa \
-alias baeldung \
-dname "cn=my-cn.localhost, ou=Java Devs, o=Baeldung, l=London, s=Greater London, c=GB" \
-keystore my-keystore.jks \
-storepass storepw@1
Let’s ensure that the test file was created successfully. We’ll use the grep command with the -i and -E options to highlight the relevant information from the keystore file:
keytool -list -v -keystore my-keystore.jks -storepass storepw@1 \
| grep -iE "keystore contains|alias|my-cn.localhost"
The output confirms that the command ran successfully and that the keystore file contains the baeldung alias:
Your keystore contains 1 entry
Alias name: baeldung
Owner: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Issuer: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Now, let’s see how we can change the alias of the existing key from the test file.
The first method involves using the keytool utility and the changealias option:
keytool -changealias -alias baeldung -destalias baeldung.com -keystore my-keystore.jks -storepass storepw@1
We can check the result using the same command from earlier:
keytool -list -v -keystore my-keystore.jks -storepass storepw@1 \
| grep -iE "keystore contains|alias|my-cn.localhost"
We can see that the method worked as expected and that the new alias is now baeldung.com:
Your keystore contains 1 entry
Alias name: baeldung.com
Owner: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
Issuer: CN=my-cn.localhost, OU=Java Devs, O=Baeldung, L=London, ST=Greater London, C=GB
4. Change the Alias of a Key Using Java
The second method is based on the Java KeyStore API. While the API allows to check the name and alias of a certificate in a keystore file, it doesn’t offer direct support for renaming an alias.
Therefore, we’ll use a workaround and duplicate the existing key under the new alias. Additionally, we’ll also have to delete the entry with the initial alias.
Let’s see this in action:
private static final String KEYSTORE = "my-keystore.jks";
private static final String PWD = "storepw@1";
private static final String OLD_ALIAS = "baeldung";
private static final String NEW_ALIAS = "baeldung.com";
@Test
void whenAliasIsRenamed_thenNewAliasIsCreated() throws Exception {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(getClass().getResourceAsStream(KEYSTORE), PWD.toCharArray());
assertThat(keystore.containsAlias(OLD_ALIAS)).isTrue();
assertThat(keystore.containsAlias(NEW_ALIAS)).isFalse();
Key key = keystore.getKey(OLD_ALIAS, PWD.toCharArray());
Certificate[] certificateChain = keystore.getCertificateChain(OLD_ALIAS);
keystore.deleteEntry(OLD_ALIAS);
keystore.setKeyEntry(NEW_ALIAS, key, PWD.toCharArray(), certificateChain);
assertThat(keystore.containsAlias(OLD_ALIAS)).isFalse();
assertThat(keystore.containsAlias(NEW_ALIAS)).isTrue();
}
It’s essential to note that the changes made in the previous test were applied only to an in-memory copy of the keystore, not to the original file. We need to write the updated keystore to disk in order to make these changes permanent.
5. Conclusion
In this article, we’ve explored two methods for changing the alias of a key within a Java keystore file. The first method uses the keytool utility and is usually the recommended approach in most scenarios. Alternatively, the second solution is based on the Java KeyStore API and can be a solid option if the change needs to be performed directly from the Java code.
The code backing this article is available on GitHub. Once you're
logged in as a Baeldung Pro Member, start learning and coding on the project.
