The Java Development Kit maintains a CA keystore file named cacerts in folder jre/lib/security. JDKs provide a tool named keytool to manipulate the keystore. keytool has no functionality to extract the private key out of the keystore, but this is possible with third-party tools like jksExportKey, CERTivity, Portecle and KeyStore Explorer.
- The keytool Command - a key and certificate management utility
- CERTivity - A multi-platform visual tool for managing keystores
- Portecle - Portecle is an open-source GUI application for creating, managing and examining keystores.
- KeyStore Explorer - An open source GUI replacement for the Java command-line utilities keytool, jarsigner and jadtool.