diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
index 9fb830da338..7f415da5270 100644
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2026, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1294,7 +1294,7 @@ public final class Main {
             }
 
             if (alias != null) {
-                doPrintEntry(rb.getString("the.certificate"), alias, out);
+                doPrintEntry(alias, out);
             } else {
                 doPrintEntries(out);
             }
@@ -2177,9 +2177,10 @@ public final class Main {
     /**
      * Prints a single keystore entry.
      */
-    private void doPrintEntry(String label, String alias, PrintStream out)
+    private void doPrintEntry(String alias, PrintStream out)
         throws Exception
     {
+        String label = "<" + alias + ">";
         CertPathConstraintsParameters cpcp;
         if (!keyStore.containsAlias(alias)) {
             MessageFormat form = new MessageFormat
@@ -2631,7 +2632,7 @@ public final class Main {
         List<String> aliases = Collections.list(keyStore.aliases());
         aliases.sort(String::compareTo);
         for (String alias : aliases) {
-            doPrintEntry("<" + alias + ">", alias, out);
+            doPrintEntry(alias, out);
             if (verbose || rfc) {
                 out.println(rb.getString("NEWLINE"));
                 out.println(rb.getString
diff --git a/test/jdk/sun/security/tools/keytool/ListAlias.java b/test/jdk/sun/security/tools/keytool/ListAlias.java
new file mode 100644
index 00000000000..91994c04a9c
--- /dev/null
+++ b/test/jdk/sun/security/tools/keytool/ListAlias.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8286032
+ * @summary Validate the warnings of the keytool -list -alias command
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class ListAlias {
+
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool("-keystore ks -storepass changeit " +
+                "-genseckey -keyalg DES -alias deskey")
+                .shouldContain("Warning")
+                .shouldMatch("The generated secret key uses the DES algorithm.*considered a security risk")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks -storepass changeit " +
+                        "-list -alias deskey -v")
+                .shouldContain("Warning")
+                .shouldMatch("<deskey> uses the DES algorithm.*considered a security risk")
+                .shouldNotContain("The certificate")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks -storepass changeit " +
+                        "-genkeypair -keyalg RSA -alias ca -dname CN=CA -ext bc:c " +
+                        "-sigalg SHA1withRSA")
+                .shouldContain("Warning")
+                .shouldMatch("The generated certificate uses the SHA1withRSA.*considered a security risk")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks -storepass changeit " +
+                        "-list -alias ca -v")
+                .shouldContain("Warning")
+                .shouldMatch("<ca> uses the SHA1withRSA.*considered a security risk")
+                .shouldNotContain("The certificate")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks -storepass changeit " +
+                        "-list -v")
+                .shouldContain("Warning")
+                .shouldMatch("<deskey> uses the DES algorithm.*considered a security risk")
+                .shouldMatch("<ca> uses the SHA1withRSA.*considered a security risk")
+                .shouldNotContain("The certificate")
+                .shouldHaveExitValue(0);
+    }
+}
\ No newline at end of file
diff --git a/test/jdk/sun/security/tools/keytool/WeakAlg.java b/test/jdk/sun/security/tools/keytool/WeakAlg.java
index de2435a4f4b..546a4182e97 100644
--- a/test/jdk/sun/security/tools/keytool/WeakAlg.java
+++ b/test/jdk/sun/security/tools/keytool/WeakAlg.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2026, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -750,7 +750,7 @@ public class WeakAlg {
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
+                    .shouldMatch("uses.*" + bad + ".*is disabled");
         }
 
         // With cert content
@@ -770,7 +770,7 @@ public class WeakAlg {
         } else {
             oa.shouldContain("Warning")
                     .shouldContain(bad + " (disabled)")
-                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
+                    .shouldMatch("uses.*" + bad + ".*is disabled");
         }
     }
 
@@ -844,11 +844,11 @@ public class WeakAlg {
                 break;
             case "SHA1withRSA":
                 oa.shouldContain("Warning")
-                        .shouldMatch("The certificate.*" + bad + ".*considered a security risk");
+                        .shouldMatch("uses.*" + bad + ".*considered a security risk");
                 break;
             case "1024-bit RSA key":
                 oa.shouldContain("Warning")
-                        .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+                        .shouldMatch("uses.*" + bad + ".*will be disabled");
                 break;
         }
 
@@ -879,12 +879,12 @@ public class WeakAlg {
             case "SHA1withRSA":
                 oa.shouldContain("Warning")
                         .shouldContain(bad + " (weak)")
-                        .shouldMatch("The certificate.*" + bad + ".*considered a security risk");
+                        .shouldMatch("uses.*" + bad + ".*considered a security risk");
                 break;
             case "1024-bit RSA key":
                 oa.shouldContain("Warning")
                         .shouldContain(bad + " (weak)")
-                        .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+                        .shouldMatch("uses.*" + bad + ".*will be disabled");
                 break;
         }
     }