Check the contents of the Java certificate store

memorandum

How to check the CA registered in the Java certificate store

Environmental information

・ CentOS7

Java installation

# yum install java-1.8.0-openjdk   #/lib/jvm/To java-1.8.0-openjdk is installed

Certificate store verification

Use the keytool command to operate the certificate store.

# keytool -list -v -storepass changeit -keystore lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64/jre/lib/security/cacerts > keystore #Output the contents of cacerts

# less cacerts

Keystore type: jks
Keystore provider: SUN

Your keystore contains 133 entries

Alias name: digicertassuredidrootca
Creation date: Jan 28, 2019
Entry type: trustedCertEntry

Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: ce7e0e517d846fe8fe560fc1bf03039
Valid from: Fri Nov 10 00:00:00 UTC 2006 until: Mon Nov 10 00:00:00 UTC 2031
Certificate fingerprints:
         MD5:  87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
         SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
         SHA256: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C
         SHA256: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 45 EB A2 AF F4 92 CB 82   31 2D 51 8B A7 A7 21 9D  E.......1-Q...!.
0010: F3 6D C8 0F                                        .m..
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 45 EB A2 AF F4 92 CB 82   31 2D 51 8B A7 A7 21 9D  E.......1-Q...!.
0010: F3 6D C8 0F                                        .m..
]
]

The information of the certificate authority is stored like this.

option

# -list
The contents of the keystore entry(To standard output)Output

# -storepass
Enter the keystore password
The default password is "change it"

# -keystore
Specify the keystore
The Java keystore is located below
・ Jre/lib/security/cacerts

Recommended Posts

Check the contents of the Java certificate store
Memo: [Java] Check the contents of the directory
[Rails] Check the contents of the object
Check the contents of params with pry
[Java] Check the number of occurrences of characters
How to check for the contents of a java fixed-length string
JAVA: jar, aar, view the contents of the file
[Java] Check the JDK version of the built war file
Check the behavior of Java Intrinsic Locks with bpftrace
Java: Use Stream to sort the contents of the collection
Command to check the number and status of Java threads
Check the status of Java application without using monitoring tool
Replace the contents of the Jar file
[Java version] The story of serialization
Check the version of Cent OS
Check the migration status of rails
The origin of Java lambda expressions
[Ruby] Display the contents of variables
Get the result of POST in Java
Examine the memory usage of Java elements
[Java] Get the day of the specific day of the week
Folding and unfolding the contents of the Recyclerview
Compare the elements of an array (Java)
[day: 5] I summarized the basics of Java
[Ruby] Cut off the contents of twitter-ads
What are the updated features of java 13
Easily measure the size of Java Objects
Looking back on the basics of Java
Check the processing contents with [rails] binding.pry
Output of the book "Introduction to Java"
Acquisition of input contents using Scanner (Java)
The story of writing Java in Emacs
Format the contents of LocalDate with DateTimeFormatter
Check the version of the standard Web software.
The contents of the data saved by CarrierWave.
[Java] [Spring] Test the behavior of the logger
[Java] Contents of Collection interface and List interface
Check the operation of the interface through threads
Check the domain by checking the MX record of the email address with java
[Java] Check if the character string is composed only of blanks (= Blank)
[Java] Get MimeType from the contents of the file with Apathce Tika [Kotlin]
Check the version of the JDK installed and the version of the JDK enabled
The story of low-level string comparison in Java
[Java] Handling of JavaBeans in the method chain
The story of making ordinary Othello in Java
[Android] [Java] Manage the state of CheckBox of ListView
About the description order of Java system properties
About the idea of anonymous classes in Java
The order of Java method modifiers is fixed
[Java] Access the signed URL of s3 (signed version 2)
The story of learning Java in the first programming
Measure the size of a folder in Java
Java version check
[Java] Get the length of the surrogate pair string
[Java] The confusing part of String and StringBuilder
[Note] Java: Measures the speed of string concatenation
I compared the characteristics of Java and .NET
The basics of the App Store "automatic renewal subscription"
[Java] Be careful of the key type of Map
Overwrite the contents of config with Spring-boot + JUnit5
Feel the passage of time even in Java