The keytool command that lists certificates in the cacerts file is B: keytool -list -keystore cacerts. This command will display the aliases and fingerprints of all the certificates in the cacerts file, which is the default truststore for Java applications1. The cacerts file contains the root and intermediate certificates of various certificate authorities (CAs) that are trusted by Java2.
The other options are incorrect because:
A: keytool -list -showinfo is not a valid keytool command, as the -showinfo option does not exist. The closest option is -v or -verbose, which will display more details about each certificate, such as the owner, issuer, serial number, validity period, signature algorithm, and extensions1.
C: keytool -list cacerts is not a complete keytool command, as it is missing the -keystore option, which is required to specify the name or path of the keystore file to be listed. Without the -keystore option, the keytool command will assume the default keystore file, which is usually named .keystore in the user’s home directory1.
D: keytool -list -alias is also not a complete keytool command, as it is missing the value of the -alias option, which is used to specify the alias of a particular entry in the keystore file to be listed. Without the value of the -alias option, the keytool command will display an error message, such as "keytool error: java.lang.Exception: Alias does not exist"1.
References:
1: keytool - Key and Certificate Management Tool 2: How to check a Certificate is in default cacerts 3: java - How to view and edit cacerts file? - Stack Overflow 4: HOW TO: Import or list certificates from Java cacerts file using … 5: Keytool: List Certificate - Java Certs - ShellHacks
