Listing the certificates in a keystore
List the certificates available in a keystore.
Steps
- To list the certificates in a keystore, use the list-certificates subcommand.

  This subcommand requires you to specify the path to the keystore file, and possibly the password that is needed to access the keystore. The following options are also available:
| Option | Description |
| --- | --- |
| --alias {alias} | Specifies the alias of the certificate to display. If this value is not provided, all certificates are displayed. To list more than one specific certificate, specify this value multiple times. |
| --display-pem-certificate | Includes a PEM-encoded representation of each certificate as part of the output. |
| --verbose | Includes details about each certificate. |
Example:
The following command demonstrates the basic listing of a keystore that contains a single certificate chain.
    $ bin/manage-certificates list-certificates \
         --keystore config/keystore \
         --keystore-password-file config/keystore.pin

    Alias: server-cert (Certificate 1 of 2 in a chain)
    Subject DN: CN=ds1.example.com,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Validity Start Time: Saturday, November 9, 2019 at 11:26:09 AM CST (8 minutes, 15 seconds ago)
    Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST (364 days, 23 hours, 51 minutes, 44 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Public Key Algorithm: EC (secP256r1)
    SHA-1 Fingerprint: 42:f8:85:97:bf:88:bc:74:4b:5b:ce:0c:54:43:9b:44:6b:
         81:23:a3
    SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97:
         8b:40:1b:76:10:c0:be:80:15:62:06:96:c5:71:30:df
    Private Key Available: Yes

    The certificate has a valid signature.

    Alias: server-cert (Certificate 2 of 2 in a chain)
    Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Validity Start Time: Saturday, November 9, 2019 at 11:26:08 AM CST (8 minutes, 16 seconds ago)
    Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT (7299 days, 23 hours, 51 minutes, 43 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Public Key Algorithm: EC (secP256r1)
    SHA-1 Fingerprint: b8:d0:16:9b:5d:f2:e7:a1:80:79:95:a2:64:b5:aa:ad:80:
         23:64:16
    SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8:
         88:43:ca:b5:c8:e5:c9:95:09:e9:fc:ab:b9:41:ec:71

    The certificate has a valid signature.
Example:
The following sample represents the verbose version of the previous command.
    $ bin/manage-certificates list-certificates \
         --keystore config/keystore \
         --keystore-password-file config/keystore.pin \
         --verbose

    Alias: server-cert (Certificate 1 of 2 in a chain)
    X.509 Certificate Version: v3
    Subject DN: CN=ds1.example.com,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Serial Number: 7b:2d:91:6a:ff:51:4f:7a:19:16:26:4f:ce:cb:cb:31
    Validity Start Time: Saturday, November 9, 2019 at 11:26:09 AM CST (9 minutes, 48 seconds ago)
    Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST (364 days, 23 hours, 50 minutes, 11 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Signature Value:
         30:46:02:21:00:cb:d5:5e:45:b2:8a:33:5e:2d:85:23:39:49:d1:3f:8f:dc:
         f8:9e:2f:f3:44:2f:41:0d:69:95:ec:f0:f5:c0:80:02:21:00:ef:8f:32:35:
         3c:88:f4:89:ed:f3:a6:76:
         bb:92:6c:eb:c6:17:ac:61:dc:67:26:f0:ec:67:90:51:28:a1:d0:d5
    Public Key Algorithm: EC (secP256r1)
    Elliptic Curve Public Key Is Compressed: false
    Elliptic Curve X-Coordinate:
         -242531537200112594084676766080816663423582032543698976420161979758741
         05796326
    Elliptic Curve Y-Coordinate:
         487227145385914945527872889161867481853236780821268431652936646431343
         52536146
    Certificate Extensions:
         Subject Key Identifier Extension:
              OID: 2.5.29.14
              Is Critical: false
              Key Identifier: 21:ad:b9:7a:15:e4:08:13:05:e1:c2:64:0c:86:aa:9b:f0:4c:fb:a0
         Authority Key Identifier Extension:
              OID: 2.5.29.35
              Is Critical: false
              Key Identifier: 01:4b:69:99:93:5f:76:51:39:95:61:cc:a9:a8:cb:16:f2:0f:8c:c8
         Subject Alternative Name Extension:
              OID: 2.5.29.17
              Is Critical: false
              DNS Name: ds1.example.com
              DNS Name: ds.example.com
              DNS Name: ldap.example.com
              DNS Name: localhost
              IP Address: 127.0.0.1
              IP Address: 0:0:0:0:0:0:0:1
         Key Usage Extension:
              OID: 2.5.29.15
              Is Critical: false
              Key Usages:
                   Digital Signature
                   Key Encipherment
                   Key Agreement
         Extended Key Usage Extension:
              OID: 2.5.29.37
              Is Critical: false
              Key Purpose ID: TLS Server Authentication
              Key Purpose ID: TLS Client Authentication
    SHA-1 Fingerprint: 42:f8:85:97:bf:88:bc:74:4b:5b:ce:0c:54:43:9b:44:6b:81:23:a3
    SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97:8b:40:1b:76:
         10:c0:be:80:15:62:06:96:c5:71:30:df
    Private Key Available: Yes

    The certificate has a valid signature.

    Alias: server-cert (Certificate 2 of 2 in a chain)
    X.509 Certificate Version: v3
    Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Serial Number: 43:b7:bb:0c:82:58:42:d8:06:fc:2a:f6:04:e8:2e:8c
    Validity Start Time: Saturday, November 9, 2019 at 11:26:08 AM CST (9 minutes, 49 seconds ago)
    Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT (7299 days, 23 hours, 50 minutes, 10 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Signature Value:
         30:45:02:21:00:b9:87:50:5d:b7:6a:19:82:99:9b:aa:f1:5d:25:a1:90:3c:
         17:9d:7f:f5:7f:8d:06:b4:57:41:9e:15:c6:5a:af:02:20:0c:00:5e:17:bf:
         ca:bf:0b:ff:db:9f:dc:55:ad:35:eb:df:f6:37:4e:23:83:36:88:d2:cc:
         7d:9e:23:da:78:28
    Public Key Algorithm: EC (secP256r1)
    Elliptic Curve Public Key Is Compressed: false
    Elliptic Curve X-Coordinate:
         -2075310300192093905980033536741576173876470035377253976540506997872632403964
    Elliptic Curve Y-Coordinate:
         6707935650390842729237891844088941200265948573168357073736512795355450855373
    Certificate Extensions:
         Subject Key Identifier Extension:
              OID: 2.5.29.14
              Is Critical: false
              Key Identifier: 01:4b:69:99:93:5f:76:51:39:95:61:cc:a9:a8:cb:16:f2:0f:8c:c8
         Basic Constraints Extension:
              OID: 2.5.29.19
              Is Critical: false
              Is CA: true
              Path Length Constraint: 0
         Key Usage Extension:
              OID: 2.5.29.15
              Is Critical: false
              Key Usages:
                   Key Cert Sign
                   CRL Sign
    SHA-1 Fingerprint: b8:d0:16:9b:5d:f2:e7:a1:80:79:95:a2:64:b5:aa:ad:80:23:64:16
    SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8:88:43:ca:b5:c8:e5:c9:95:09:
         e9:fc:ab:b9:41:ec:71

    The certificate has a valid signature.
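The following is an added example, not part of the product documentation: a Python parser for the basic (non-verbose) listing in the first example that reports certificates nearing their validity end time and normalizes each SHA-256 fingerprint so it can be compared against a recorded value. The function names, the 30-day threshold and the reference date are assumptions, aliases are assumed to contain no whitespace, and the sample text is abridged from the first example.

```python
import re
from datetime import datetime

# Field labels of the basic (non-verbose) listing shown on this page.
LABELS = ("Subject DN", "Issuer DN", "Validity Start Time", "Validity End Time",
          "Validity State", "Signature Algorithm", "Public Key Algorithm",
          "SHA-1 Fingerprint", "SHA-256 Fingerprint", "Private Key Available")
FIELD = re.compile(r"\s*(%s):\s*" % "|".join(map(re.escape, LABELS)))
HEADER = re.compile(r"(\S+)(?: \(Certificate (\d+) of \d+ in a chain\))?")
WHEN = re.compile(r"\w+ \d{1,2}, \d{4} at \d{1,2}:\d{2}:\d{2} [AP]M")
HEX = re.compile(r"(?:[0-9a-f]{2}:\s*)+[0-9a-f]{2}")

def parse_listing(text):
    """Parse list-certificates output; tolerates wrapped or collapsed lines."""
    certs = []
    for chunk in re.split(r"Alias:\s*", text)[1:]:
        parts = FIELD.split(chunk)
        alias, pos = HEADER.match(parts[0]).groups()
        raw = dict(zip(parts[1::2], parts[2::2]))
        end = WHEN.search(raw["Validity End Time"]).group(0)
        certs.append({
            "alias": alias, "position": int(pos or 1),
            "self_signed": raw["Subject DN"] == raw["Issuer DN"],
            # The zone abbreviation (CST/CDT) is dropped; fine for day counts.
            "not_after": datetime.strptime(end, "%B %d, %Y at %I:%M:%S %p"),
            "sha256": re.sub(r"\s", "", HEX.search(raw["SHA-256 Fingerprint"]).group(0)),
            "has_private_key": raw.get("Private Key Available", "").startswith("Yes"),
        })
    return certs

def expiring(certs, now, warn_days=30):
    """Return (alias, position, days_left) for certificates ending within warn_days."""
    return [(c["alias"], c["position"], (c["not_after"] - now).days)
            for c in certs if (c["not_after"] - now).days < warn_days]

# Abridged from the page's first example; fingerprints keep the page's wrap (a space).
SAMPLE = """\
Alias: server-cert (Certificate 1 of 2 in a chain)
Subject DN: CN=ds1.example.com,O=Example Corp,C=US
Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST (364 days, 23 hours, 51 minutes, 44 seconds from now)
SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97: 8b:40:1b:76:10:c0:be:80:15:62:06:96:c5:71:30:df
Private Key Available: Yes
Alias: server-cert (Certificate 2 of 2 in a chain)
Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT (7299 days, 23 hours, 51 minutes, 43 seconds from now)
SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8: 88:43:ca:b5:c8:e5:c9:95:09:e9:fc:ab:b9:41:ec:71
"""
print(expiring(parse_listing(SAMPLE), datetime(2020, 10, 20)))
```

The parser targets the basic listing only; with --verbose the additional fields would need their labels added to LABELS before the subject and issuer comparison is reliable.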