How to check the CA registered in the Java certificate store
・ CentOS7
# yum install java-1.8.0-openjdk #/lib/jvm/To java-1.8.0-openjdk is installed
Use the keytool command to operate the certificate store.
# keytool -list -v -storepass changeit -keystore lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64/jre/lib/security/cacerts > keystore #Output the contents of cacerts
# less cacerts
Keystore type: jks
Keystore provider: SUN
Your keystore contains 133 entries
Alias name: digicertassuredidrootca
Creation date: Jan 28, 2019
Entry type: trustedCertEntry
Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Fri Nov 10 00:00:00 UTC 2006 until: Mon Nov 10 00:00:00 UTC 2031
Certificate fingerprints:
MD5: 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
SHA256: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C
SHA256: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 45 EB A2 AF F4 92 CB 82 31 2D 51 8B A7 A7 21 9D E.......1-Q...!.
0010: F3 6D C8 0F .m..
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 45 EB A2 AF F4 92 CB 82 31 2D 51 8B A7 A7 21 9D E.......1-Q...!.
0010: F3 6D C8 0F .m..
]
]
The information of the certificate authority is stored like this.
# -list
The contents of the keystore entry(To standard output)Output
# -storepass
Enter the keystore password
The default password is "change it"
# -keystore
Specify the keystore
The Java keystore is located below
・ Jre/lib/security/cacerts
Recommended Posts