List the certificates available in a keystore.
To list the certificates in a keystore, use the list-certificates subcommand.
This subcommand requires you to specify the path to the keystore file, and possibly the password that is needed to access the keystore. The following options are also available:
Option                      Description
--alias {alias}             Specifies the alias of the certificate to display. If this value
                            is not provided, all certificates are displayed. To list more
                            than one specific certificate, specify this value multiple times.
--display-pem-certificate   Includes a PEM-encoded representation of each certificate as part
                            of the output.
--verbose                   Includes details about each certificate.

The following command demonstrates the basic listing of a keystore that contains a single certificate chain.
    $ bin/manage-certificates list-certificates \
         --keystore config/keystore \
         --keystore-password-file config/keystore.pin

    Alias: server-cert (Certificate 1 of 2 in a chain)
    Subject DN: CN=ds1.example.com,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Validity Start Time: Saturday, November 9, 2019 at 11:26:09 AM CST (8 minutes, 15 seconds ago)
    Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST (364 days, 23 hours, 51 minutes, 44 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Public Key Algorithm: EC (secP256r1)
    SHA-1 Fingerprint: 42:f8:85:97:bf:88:bc:74:4b:5b:ce:0c:54:43:9b:44:6b:
         81:23:a3
    SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97:
         8b:40:1b:76:10:c0:be:80:15:62:06:96:c5:71:30:df
    Private Key Available: Yes
    The certificate has a valid signature.

    Alias: server-cert (Certificate 2 of 2 in a chain)
    Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Validity Start Time: Saturday, November 9, 2019 at 11:26:08 AM CST (8 minutes, 16 seconds ago)
    Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT (7299 days, 23 hours, 51 minutes, 43 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Public Key Algorithm: EC (secP256r1)
    SHA-1 Fingerprint: b8:d0:16:9b:5d:f2:e7:a1:80:79:95:a2:64:b5:aa:ad:80:
         23:64:16
    SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8:
         88:43:ca:b5:c8:e5:c9:95:09:e9:fc:ab:b9:41:ec:71
    The certificate has a valid signature.
The following sample represents the verbose version of the previous command.
    $ bin/manage-certificates list-certificates \
         --keystore config/keystore \
         --keystore-password-file config/keystore.pin \
         --verbose

    Alias: server-cert (Certificate 1 of 2 in a chain)
    X.509 Certificate Version: v3
    Subject DN: CN=ds1.example.com,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Serial Number: 7b:2d:91:6a:ff:51:4f:7a:19:16:26:4f:ce:cb:cb:31
    Validity Start Time: Saturday, November 9, 2019 at 11:26:09 AM CST (9 minutes, 48 seconds ago)
    Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST (364 days, 23 hours, 50 minutes, 11 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Signature Value:
         30:46:02:21:00:cb:d5:5e:45:b2:8a:33:5e:2d:85:23:39:49:d1:3f:8f:dc:
         f8:9e:2f:f3:44:2f:41:0d:69:95:ec:f0:f5:c0:80:02:21:00:ef:8f:32:35:
         3c:88:f4:89:ed:f3:a6:76:
         bb:92:6c:eb:c6:17:ac:61:dc:67:26:f0:ec:67:90:51:28:a1:d0:d5
    Public Key Algorithm: EC (secP256r1)
    Elliptic Curve Public Key Is Compressed: false
    Elliptic Curve X-Coordinate:
         -242531537200112594084676766080816663423582032543698976420161979758741
         05796326
    Elliptic Curve Y-Coordinate:
         487227145385914945527872889161867481853236780821268431652936646431343
         52536146
    Certificate Extensions:
         Subject Key Identifier Extension:
              OID: 2.5.29.14
              Is Critical: false
              Key Identifier: 21:ad:b9:7a:15:e4:08:13:05:e1:c2:64:0c:86:aa:9b:f0:4c:fb:a0
         Authority Key Identifier Extension:
              OID: 2.5.29.35
              Is Critical: false
              Key Identifier: 01:4b:69:99:93:5f:76:51:39:95:61:cc:a9:a8:cb:16:f2:0f:8c:c8
         Subject Alternative Name Extension:
              OID: 2.5.29.17
              Is Critical: false
              DNS Name: ds1.example.com
              DNS Name: ds.example.com
              DNS Name: ldap.example.com
              DNS Name: localhost
              IP Address: 127.0.0.1
              IP Address: 0:0:0:0:0:0:0:1
         Key Usage Extension:
              OID: 2.5.29.15
              Is Critical: false
              Key Usages:
                   Digital Signature
                   Key Encipherment
                   Key Agreement
         Extended Key Usage Extension:
              OID: 2.5.29.37
              Is Critical: false
              Key Purpose ID: TLS Server Authentication
              Key Purpose ID: TLS Client Authentication
    SHA-1 Fingerprint: 42:f8:85:97:bf:88:bc:74:4b:5b:ce:0c:54:43:9b:44:6b:81:23:a3
    SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97:8b:40:1b:76:
         10:c0:be:80:15:62:06:96:c5:71:30:df
    Private Key Available: Yes
    The certificate has a valid signature.

    Alias: server-cert (Certificate 2 of 2 in a chain)
    X.509 Certificate Version: v3
    Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
    Issuer DN: CN=Example Certification Authority,O=Example Corp,C=US
    Serial Number: 43:b7:bb:0c:82:58:42:d8:06:fc:2a:f6:04:e8:2e:8c
    Validity Start Time: Saturday, November 9, 2019 at 11:26:08 AM CST (9 minutes, 49 seconds ago)
    Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT (7299 days, 23 hours, 50 minutes, 10 seconds from now)
    Validity State: The certificate is currently within the validity window.
    Signature Algorithm: SHA-256 with ECDSA
    Signature Value:
         30:45:02:21:00:b9:87:50:5d:b7:6a:19:82:99:9b:aa:f1:5d:25:a1:90:3c:
         17:9d:7f:f5:7f:8d:06:b4:57:41:9e:15:c6:5a:af:02:20:0c:00:5e:17:bf:
         ca:bf:0b:ff:db:9f:dc:55:ad:35:eb:df:f6:37:4e:23:83:36:88:d2:cc:
         7d:9e:23:da:78:28
    Public Key Algorithm: EC (secP256r1)
    Elliptic Curve Public Key Is Compressed: false
    Elliptic Curve X-Coordinate:
         -2075310300192093905980033536741576173876470035377253976540506997872632403964
    Elliptic Curve Y-Coordinate:
         6707935650390842729237891844088941200265948573168357073736512795355450855373
    Certificate Extensions:
         Subject Key Identifier Extension:
              OID: 2.5.29.14
              Is Critical: false
              Key Identifier: 01:4b:69:99:93:5f:76:51:39:95:61:cc:a9:a8:cb:16:f2:0f:8c:c8
         Basic Constraints Extension:
              OID: 2.5.29.19
              Is Critical: false
              Is CA: true
              Path Length Constraint: 0
         Key Usage Extension:
              OID: 2.5.29.15
              Is Critical: false
              Key Usages:
                   Key Cert Sign
                   CRL Sign
    SHA-1 Fingerprint: b8:d0:16:9b:5d:f2:e7:a1:80:79:95:a2:64:b5:aa:ad:80:23:64:16
    SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8:88:43:ca:b5:c8:e5:c9:95:09:
         e9:fc:ab:b9:41:ec:71
    The certificate has a valid signature.
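
The basic (non-verbose) listing can be checked by a script for certificates that are close to expiry or whose SHA-256 fingerprint differs from a recorded value. The following Python sketch is an added example, not part of the product or its documentation; the function names and the `pinned` mapping (subject DN to expected fingerprint) are hypothetical. It assumes fields start at column 0, wrapped values continue on indented lines, and day and month names are in English.

```python
import re
from datetime import datetime

# Constructed sample: this page's basic listing, trimmed to the fields used below.
SAMPLE = """\
Alias: server-cert (Certificate 1 of 2 in a chain)
Subject DN: CN=ds1.example.com,O=Example Corp,C=US
Validity End Time: Sunday, November 8, 2020 at 11:26:09 AM CST
     (364 days, 23 hours, 51 minutes, 44 seconds from now)
SHA-256 Fingerprint: 4f:be:47:ed:36:68:13:38:ba:e8:c0:c5:6c:85:51:97:
     8b:40:1b:76:10:c0:be:80:15:62:06:96:c5:71:30:df
The certificate has a valid signature.
Alias: server-cert (Certificate 2 of 2 in a chain)
Subject DN: CN=Example Certification Authority,O=Example Corp,C=US
Validity End Time: Friday, November 4, 2039 at 12:26:08 PM CDT
SHA-256 Fingerprint: cf:98:2a:66:35:6e:6d:f9:5d:25:c6:68:68:04:5a:a8:
     88:43:ca:b5:c8:e5:c9:95:09:e9:fc:ab:b9:41:ec:71
"""

def hex_only(value):
    return re.sub(r"[^0-9a-f]", "", value.lower())  # drop colons and wrap spaces

def parse_listing(text):
    """One dict per certificate. Assumes column-0 fields and indented wrapped values."""
    certs, key = [], None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][A-Za-z0-9 .-]*?): ?(.*)", line)
        if m:
            key = m.group(1)
            if key == "Alias":
                certs.append({})
            if certs:
                certs[-1][key] = m.group(2).strip()
        elif line[:1].isspace() and key and certs:
            certs[-1][key] += " " + line.strip()  # continuation of a wrapped value
        else:
            key = None  # free-text line such as the signature verdict
    return certs

def audit(text, pinned, now, warn_days=30):
    """Yield (alias, subject, problem) for certs near expiry or not matching a pin."""
    for c in parse_listing(text):
        who = (c["Alias"].split(" (")[0], c.get("Subject DN", "?"))
        end = re.match(r"(.+? [AP]M)", c["Validity End Time"]).group(1)  # zone dropped
        left = (datetime.strptime(end, "%A, %B %d, %Y at %I:%M:%S %p") - now).days
        if left < warn_days:
            yield who + (f"expires in {left} days",)
        pin = pinned.get(who[1])
        if pin and hex_only(pin) != hex_only(c.get("SHA-256 Fingerprint", "")):
            yield who + ("SHA-256 fingerprint differs from pin",)
```

Because the time zone abbreviation is discarded, the expiry calculation is only accurate to within a day, which is sufficient for a warning threshold measured in days.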