Bootstrap FreeKB - Java - List the certificates in a CER CRT PEM file using the Java keytool command
Java - List the certificates in a CER CRT PEM file using the Java keytool command
Updated:   |  Java articles

Let's say you have a certificate file, foo.pem. The file command can be used to determine if the file is cleartext or binary and if the files contains public certificates or private keys. In this example, foo.pemis a cleartext file containing only public certificates.

~]# file foo.pem
foo.cer: PEM certificate

 

In this example, the bar.pem is a cleartext file containing a private key.

~]# file bar.pem
bar.cer: PEM RSA private key

 

In this scenario, the cat command (on Linux) can be used to view the content of the files. Something like this should be returned.

~]# cat foo.cer
-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgITFwAS0Zj4+uylATknJgAAABLRmDANBgkqhkiG9w0BAQsF
ADBMMRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYGCgmSJomT8ixkARkWCHRocml2
ysR4VfQLr+A3zbM59CQjewP40y7oFgrpNuj8Hp1AXud3nsakEYFaGcc=
-----END CERTIFICATE-----

 

OpenSSL can be used when the file comman returns "PEM RSA private key".

OpenSSL or the Java keytool command can be used when the file command returns "PEM certificate".

If you are not familiar with the Java keytool command, check out our Getting Started article.

~]# keytool -file /path/to/example.pem -printcert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:12:de:98:f8:fa:ec:75:0d:39:27:26:fa:00:00:12:d1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=foo.example.com
        Validity
            Not Before: Apr 27 12:57:49 2020 GMT
            Not After : Apr 27 12:57:49 2022 GMT
        Subject: C=US, ST=WI, L=Appleton, O=Acme, OU=Information Technology, CN=foo.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d5:28:83:30:ca:eb:5b:42:1d:49:f1:eb:73:ca:
                    ec:cc:6c:13:f5:f3:72:73:95:0a:45:8c:20:be:d4:
                    fb:c6:c9:e2:02:05:bf:9e:7d:f6:96:ed:0f:64:22:
                    29:57:68:87:88:a3:40:af:18:49:62:40:f9:b8:fc:
                    b1:ec:9f:97:c2:28:62:8c:f7:3b:13:4b:0c:04:76:
                    13:af:6d:33:27:08:3c:bd:cc:e2:a9:c9:a8:71:85:
                    82:e4:38:17:1b:2f:cf:42:30:fb:78:4a:13:c8:63:
                    cc:0c:bc:66:56:1e:33:e9:48:2e:86:98:24:61:d0:
                    4a:9e:25:6f:54:9e:d1:b2:1a:83:f3:2c:a4:c1:3c:
                    77:45:2f:6c:c1:af:e1:35:97:15:51:2d:bd:8f:52:
                    4b:8d:2a:48:47:65:90:ee:6a:27:a2:ae:96:63:a5:
                    f6:f6:62:87:f7:f7:74:9f:a3:ea:0a:db:4d:83:99:
                    3b:f2:46:22:5e:f2:32:40:07:d2:84:4c:91:a1:40:
                    7c:1c:e8:64:fa:e9:b0:62:b5:84:ab:76:6c:8c:03:
                    d9:0d:26:1e:23:bb:c0:33:12:97:79:6e:14:b8:11:
                    07:ed:9e:95:d8:bc:6f:6b:8c:6c:35:c8:4b:12:fb:
                    7d:85:78:0f:c0:d2:df:9c:d9:2b:da:ee:0e:b6:bd:
                    d3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example
            X509v3 Subject Key Identifier: 
                96:16:15:4D:BF:3C:73:9E:5C:17:28:22:DE:11:81:EE:69:C6:10:E6
            X509v3 Authority Key Identifier: 
                keyid:73:BB:DE:B5:54:49:BD:F2:8C:D9:BE:17:04:94:CB:27:B5:5E:84:B9

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.example.com/certenroll/example.crl
                  
            Authority Information Access: 
                CA Issuers - URI:http://crl.example.com/certenroll/issuer.crt

            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            1.4.6.7.4.1.322.21.7: 
                0..&+.....7.....C...=...8.......>........V..d...
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            1.4.6.7.4.1.322.21.7: 
                0.0
..+.......0
..+.......
    Signature Algorithm: sha256WithRSAEncryption
         9e:07:5c:78:52:bb:ac:d9:a3:ce:43:66:cc:c2:1e:cf:af:de:
         45:ad:b1:bd:cb:1e:45:9b:4a:ae:48:03:25:81:93:1f:11:1a:
         ee:0b:c9:70:f4:d1:9d:d7:8f:02:fc:56:46:3a:5e:97:82:3e:
         7b:d7:d4:4c:96:9e:16:91:bb:d9:80:18:b7:84:bf:3f:23:b3:
         78:37:bd:fc:da:32:0d:42:1f:1f:d3:07:5a:87:f9:b6:56:dc:
         46:d3:48:a2:69:50:0e:89:6c:c4:70:c4:bf:3e:5f:d1:2a:86:
         f8:9e:27:27:a2:7f:b2:71:ca:b7:e4:73:51:2e:06:fc:0a:af:
         a9:aa:c7:c1:69:4b:78:b1:a9:10:6d:e5:d5:76:da:21:30:32:
         2e:aa:51:78:66:59:16:fe:66:4e:47:32:e9:89:91:eb:96:c6:
         c9:84:71:c0:af:ed:d6:78:aa:d1:89:b7:c4:98:2c:f4:40:03:
         13:07:1a:75:cc:f3:d0:5e:63:c2:a6:75:b7:de:14:ec:83:02:
         63:17:13:0b:c1:dc:ad:f3:29:0f:1a:4d:1e:fc:d4:15:af:ca:
         c4:78:55:f4:db:af:e0:37:cd:b3:39:f4:24:23:7b:03:f8:d3:
         2e:e8:16:0a:e9:36:e8:fc:1e:9d:40:5e:e7:77:9e:c6:a4:11:
         81:5a:19:c7

 

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter dfd94d in the box below so that we can be sure you are a human.