java:keytool:list-certificates-from-jks
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
java:keytool:list-certificates-from-jks [2020/08/08 19:58] – odefta | java:keytool:list-certificates-from-jks [2020/08/08 20:22] – odefta | ||
---|---|---|---|
Line 34: | Line 34: | ||
Warning: | Warning: | ||
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using " | The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using " | ||
+ | </ | ||
+ | |||
+ | ====== Create truststore jks file ====== | ||
+ | |||
+ | In truststore file we need to import the CA certificates. | ||
+ | |||
+ | < | ||
+ | keytool -import -alias rootca -file ca.crt -storetype JKS -keystore truststore_custom.jks | ||
+ | </ | ||
+ | |||
+ | Output: | ||
+ | < | ||
+ | Enter keystore password: | ||
+ | Re-enter new password: | ||
+ | Owner: OU=AX Software, O=AX, L=Bucharest, | ||
+ | Issuer: OU=AX Software, O=AX, L=Bucharest, | ||
+ | Serial number: 72b1b38c2fc0fc33ff298be6e6a704eb4ebd24c4 | ||
+ | Valid from: Sat Aug 08 15:56:46 EEST 2020 until: Tue Aug 06 15:56:46 EEST 2030 | ||
+ | Certificate fingerprints: | ||
+ | | ||
+ | SHA1: 59: | ||
+ | | ||
+ | Signature algorithm name: SHA256withRSA | ||
+ | Subject Public Key Algorithm: 2048-bit RSA key | ||
+ | Version: 3 | ||
+ | |||
+ | Extensions: | ||
+ | |||
+ | #1: ObjectId: 2.5.29.19 Criticality=true | ||
+ | BasicConstraints: | ||
+ | CA:true | ||
+ | PathLen: | ||
+ | ] | ||
+ | |||
+ | #2: ObjectId: 2.5.29.14 Criticality=false | ||
+ | SubjectKeyIdentifier [ | ||
+ | KeyIdentifier [ | ||
+ | 0000: 58 1E 75 F6 E9 9B 54 41 6D 0E EF 59 5C A6 60 88 X.u...TAm..Y\.`. | ||
+ | 0010: 82 74 C4 43 .t.C | ||
+ | ] | ||
+ | ] | ||
+ | |||
+ | Trust this certificate? | ||
+ | Certificate was added to keystore | ||
+ | </ | ||
+ | |||
+ | Repeat this for all CA certificates: | ||
+ | |||
+ | < | ||
+ | keytool -import -alias int1 -file int1.crt -storetype JKS -keystore truststore_custom.jks | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | keytool -import -alias int2 -file int2.crt -storetype JKS -keystore truststore_custom.jks | ||
+ | </ | ||
+ | |||
+ | Output: | ||
+ | < | ||
+ | Enter keystore password: | ||
+ | Certificate was added to keystore | ||
</ | </ | ||
java/keytool/list-certificates-from-jks.txt · Last modified: 2023/07/04 19:36 by 127.0.0.1