Question

I need to extract our SSL certificate and private key from our JKS keystore and send it to a third party vendor we are interfacing with. The person who created the keystore and imported the cert is no longer with the company, so I don't know which alias I specifically need to use.

Would the certificate and private key be extracted from the same alias? I have 5 aliases in my keystore. 3 are dated 2010, 2 are dated 2012. The 2012 aliases have entry types of PrivateKeyEntry and trustedCertEntry. The 3 dated 2010 are trustedCertEntry. All 5 are within valid date ranges indicating none are expired.

My understanding is that the PrivateKeyEntry contains the private key and the certificate chain? Does this mean that both the certificate and private key should be extracted from the same alias?

I don't have a lot of room for error here and want to make sure I fully understand what I'm exporting and sending off.


Solution

The alias used for Certificate does not have to correspond to the Private Key. So, you would have to take your chances.

Edit:

I haven't really tried this out. But it really shouldn't matter because a Certificate depends on the Public-Private Key. Passwords given in the keystore are just a way to secure them and to give them only to a trusted user. So, I would suggest that you generate the certificate and compare it with the other ones using the getEncoded method. This would give you the binaries and you could compare them.
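
One way to see what each alias holds before exporting anything, as an added example that is not part of the original answer: it lists every alias with its entry type, prints the SHA-256 of each certificate's `getEncoded()` bytes so identical certificates under different aliases can be spotted, and checks that the key in a PrivateKeyEntry matches that entry's own certificate. The class name, the command-line arguments, and the assumption that the key password equals the store password are illustrative.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

public class InspectKeystore {
    // Hex SHA-256 of the DER bytes returned by Certificate.getEncoded().
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // True if a signature made with the private key verifies under the
    // certificate's public key, i.e. the two belong to the same key pair.
    static boolean keyMatchesCert(PrivateKey key, Certificate cert) throws Exception {
        String alg = key.getAlgorithm().equals("EC") ? "SHA256withECDSA"
                   : "SHA256with" + key.getAlgorithm();   // RSA or DSA
        byte[] probe = "keystore-inspection-probe".getBytes("UTF-8");
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(probe);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Assumed usage: java InspectKeystore <keystore.jks> <password>
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);  // leaf cert for a key entry
            if (ks.isKeyEntry(alias)) {
                // Assumption: the key password is the same as the store password.
                PrivateKey key = (PrivateKey) ks.getKey(alias, password);
                int chainLen = ks.getCertificateChain(alias).length;
                System.out.printf("%s PrivateKeyEntry chain=%d keyMatchesCert=%b%n",
                        alias, chainLen, keyMatchesCert(key, cert));
            } else {
                System.out.printf("%s trustedCertEntry%n", alias);
            }
            System.out.println("  SHA-256 " + fingerprint(cert));
        }
    }
}
```

A trustedCertEntry whose fingerprint equals that of a PrivateKeyEntry is the same certificate stored a second time without its key.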

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow