Prints legible and detailed information of one or multiple SSL certificate and key entries.
Synopsis
asadmin [asadmin-options] print-certificate [--help]
[--certificatealias certificatealias]
[--providerclass providerclass]
[file]
Description
The print-certificate
subcommand is useful to print legible and detailed information of one or multiple SSL certificate and key entries.
Since the output generated by the standard keytool utility is not standardized (especially distinguished names since they usually they use RFC 1779), it is recommended to use this command instead.
See Printing Certificate Data for more information.
Options
- asadmin-options
-
Options for the
asadmin
utility. For information about these options, see theasadmin
help page. --help
-?
-
Displays the help text for the subcommand.
--certificatealias
-
If the file is a keystore, this is an alias used to access the certificate.
--providerclass
-
The name of a custom
java.security.Provider
implementation class to be preferred in this command execution
Examples
Example 1 Printing a DER certificate with one entry
This example prints a DER certificate with one entry.
asadmin print-certificate ./certificate.der
Found Certificate:
Subject: UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Validity: Thu Aug 01 02:00:00 CEST 2019 - Fri Aug 02 02:00:00 CEST 2019
S/N: 1
Version: 3
Issuer: UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256withRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.
Example 2 Printing a specific certificate using a P12 format keystore
This example prints a specific certificate using a P12 format keystore.
asadmin> print-certificate --certificatealias s1as ./keystore.p12
Keystore Password>
Found Certificate:
Subject: CN=localhost,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK
Validity: Tue Aug 06 14:06:14 CEST 2019 - Fri Aug 03 14:06:14 CEST 2029
S/N: 886895448
Version: 3
Issuer: CN=localhost,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256withRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.
Example 3 Plugging an alternative provider
This example plugins a different java.security.Provider
implementation to get different outputs when running the print-certificate
command. In this example, we use the BouncyCastle library, which leads to one significant difference: A highlighted, uppercase signature’s algorithm name.
#Copy the library to the asadmin lib directory first
cp .../bcprov-jdk15on-1.62.jar .../payara6/glassfish/lib/asadmin/
#Then run the command
asadmin> print-certificate --providerclass org.bouncycastle.jce.provider.BouncyCastleProvider ./certificate.der
Found Certificate:
Subject: UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Validity: Thu Aug 01 02:00:00 CEST 2019 - Fri Aug 02 02:00:00 CEST 2019
S/N: 1
Version: 3
Issuer: UID=LDAP-Test,EMAILADDRESS=nobody@nowhere.space,CN=PrintCertificateCommandTest,OU=Test Test\, Test,O=Payara Foundation,L=Pilsen,C=CZ
Public Key: RSA, 2048 bits
Sign. Alg.: SHA256WITHRSA (OID: 1.2.840.113549.1.1.11)
Command print-certificate executed successfully.