print-certificate

Prints legible and detailed information of one or multiple SSL certificate and key entries.

Synopsis

asadmin [asadmin-options] print-certificate [--help]
[--certificatealias certificatealias]
[--providerclass providerclass]
[file]

Description

The print-certificate subcommand is useful to print legible and detailed information of one or multiple SSL certificate and key entries.

Since the output generated by the standard keytool utility is not standardized (especially distinguished names since they usually they use RFC 1779), it is recommended to use this command instead.

See Printing Certificate Data for more information.

Options

asadmin-options: Options for the asadmin utility. For information about these options, see the asadmin help page.
--help
-?: Displays the help text for the subcommand.
--certificatealias: If the file is a keystore, this is an alias used to access the certificate.
--providerclass: The name of a custom java.security.Provider implementation class to be preferred in this command execution

Operands

file: File containing the certificate

Examples

Example 1 Printing a DER certificate with one entry

This example prints a DER certificate with one entry.

asadmin print-certificate ./certificate.der

Found Certificate:
Subject:    UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Validity:   Thu Aug 01 02:00:00 CEST 2019 - Fri Aug 02 02:00:00 CEST 2019
S/N:        1
Version:    3
Issuer:     UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256withRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.

Example 2 Printing a specific certificate using a P12 format keystore

This example prints a specific certificate using a P12 format keystore.

asadmin> print-certificate --certificatealias s1as ./keystore.p12

Keystore Password>
Found Certificate:
Subject:    CN=localhost,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK
Validity:   Tue Aug 06 14:06:14 CEST 2019 - Fri Aug 03 14:06:14 CEST 2029
S/N:        886895448
Version:    3
Issuer:     CN=localhost,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256withRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.

Example 3 Plugging an alternative provider

This example plugins a different java.security.Provider implementation to get different outputs when running the print-certificate command. In this example, we use the BouncyCastle library, which leads to one significant difference: A highlighted, uppercase signature’s algorithm name.

#Copy the library to the asadmin lib directory first
cp .../bcprov-jdk15on-1.62.jar .../payara6/glassfish/lib/asadmin/

#Then run the command
asadmin> print-certificate --providerclass org.bouncycastle.jce.provider.BouncyCastleProvider ./certificate.der

Found Certificate:
Subject:    UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Validity:   Thu Aug 01 02:00:00 CEST 2019 - Fri Aug 02 02:00:00 CEST 2019
S/N:        1
Version:    3
Issuer:     UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256WITHRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.

Exit Status

0: subcommand executed successfully
1: error in executing the subcommand

See Also

Printing Certificate Data