{{Short description|Software development tool for security}}
A '''Java KeyStore''' ('''JKS)''') is a [[content repository|repository]] of security certificates,{{spaced ndash}} either [[Authorizationauthorization certificate]]s or [[Publicpublic key certificate]]s{{spaced ndash}} plus corresponding [[Private key|private keys]], - used for instance in [[Transport_Layer_SecurityTransport Layer Security|SSLTLS encryption]].
In [[IBM WebSphere Application Server]] and [[Oracle WebLogic Server]], a file with extension [[''jks]]'' serves as a keystore.
The [[Java_(programming_language)|Java Development Kit]] JDK maintains a CAC[[certificate authority|CA]] keystore file named ''cacerts'' in folder ''jre/lib/security/cacerts''. JDKs provide a tool named ''keytool''<ref>[httphttps://javadocs.sunoracle.com/en/java/javase/617/docs/tooldocsspecs/solarisman/keytool.html The ''keytool'' Command - Keya key and Certificatecertificate Managementmanagement utility Tool]</ref> to manipulate the keystore. ''keytool'' has no functionality to extract the private key out of the keystore, but this is possible with a third-party tooltools like jksExportKey, CERTivity,<ref>[http://miteffwww.edulib.com/jksexportkeyproducts/keystores-manager/ jksExportKeyCERTivity - A freemulti-platform visual tool for exportingmanaging privatekeystores]</ref> keysPortecle<ref>[http://portecle.sourceforge.net outPortecle of- thekeystorePortecle asis standalonean filesopen-source GUI application for creating, managing and examining keystores.]</ref> and KeyStore Explorer.<ref>[http://keystore-explorer.org KeyStore Explorer - An open source GUI replacement for the Java command-line utilities keytool, jarsigner and jadtool.]</ref>
