User Tools

Site Tools


java:keytool:list-certificates-from-jks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
java:keytool:list-certificates-from-jks [2020/08/08 19:58] odeftajava:keytool:list-certificates-from-jks [2020/08/08 20:22] odefta
Line 34: Line 34:
 Warning: Warning:
 The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12". The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore_custom.jks -destkeystore keystore_custom.jks -deststoretype pkcs12".
 +</code>
 +
 +====== Create truststore jks file ======
 +
 +In truststore file we need to import the CA certificates.
 +
 +<code>
 +keytool -import -alias rootca -file ca.crt -storetype JKS -keystore truststore_custom.jks
 +</code>
 +
 +Output:
 +<code>
 +Enter keystore password:
 +Re-enter new password:
 +Owner: OU=AX Software, O=AX, L=Bucharest, ST=Romania, C=RO
 +Issuer: OU=AX Software, O=AX, L=Bucharest, ST=Romania, C=RO
 +Serial number: 72b1b38c2fc0fc33ff298be6e6a704eb4ebd24c4
 +Valid from: Sat Aug 08 15:56:46 EEST 2020 until: Tue Aug 06 15:56:46 EEST 2030
 +Certificate fingerprints:
 +         MD5:  16:2B:B3:B0:9C:0E:12:37:D8:CA:7E:05:9C:23:76:F0
 +         SHA1: 59:B4:0C:EA:AB:8A:48:7D:14:65:6D:6C:D4:07:A9:81:CB:A6:D2:27
 +         SHA256: 07:50:F3:D5:F2:62:6A:9F:27:3C:56:27:4A:CD:D0:E6:34:98:26:F1:20:04:0C:02:9F:22:B0:35:E1:30:DD:50
 +Signature algorithm name: SHA256withRSA
 +Subject Public Key Algorithm: 2048-bit RSA key
 +Version: 3
 +
 +Extensions:
 +
 +#1: ObjectId: 2.5.29.19 Criticality=true
 +BasicConstraints:[
 +  CA:true
 +  PathLen:2147483647
 +]
 +
 +#2: ObjectId: 2.5.29.14 Criticality=false
 +SubjectKeyIdentifier [
 +KeyIdentifier [
 +0000: 58 1E 75 F6 E9 9B 54 41   6D 0E EF 59 5C A6 60 88  X.u...TAm..Y\.`.
 +0010: 82 74 C4 43                                        .t.C
 +]
 +]
 +
 +Trust this certificate? [no]:  yes
 +Certificate was added to keystore
 +</code>
 +
 +Repeat this for all CA certificates:
 +
 +<code>
 +keytool -import -alias int1 -file int1.crt -storetype JKS -keystore truststore_custom.jks
 +</code>
 +
 +<code>
 +keytool -import -alias int2 -file int2.crt -storetype JKS -keystore truststore_custom.jks
 +</code>
 +
 +Output:
 +<code>
 +Enter keystore password:
 +Certificate was added to keystore
 </code> </code>
  
java/keytool/list-certificates-from-jks.txt · Last modified: 2023/07/04 19:36 by 127.0.0.1