Help

OT - How to get a listing of certificates in the Java keystore?

Go to solution
acdesigntech
Contributor II

Posted on ‎10-16-2013 12:56 PM

I need to create an extension attribute that checks the java keystore to see if several certificates have been installed. This EA is part of a larger report on SAP readiness for the Macs in our fleet.

Does anyone know the commands to use to get this done? We are running OS X 10.8.2 and Java 7

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎10-16-2013 06:22 PM

On my Mac running 10.8.5, its in /usr/bin/ according to which

$ which keytool
/usr/bin/keytool

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
mm2270
Legendary Contributor III

Posted on ‎10-16-2013 02:32 PM

I don't know much about it, since I've only used it on very rare occasions, but you may want to look at the 'keytool', er, tool. It looks like there are -list and -keystore functions that let you list the certs installed in a keystore, but again, no real experience with it, so I'm totally guessing.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/keytool.1.html

Also do man keytool

0 Kudos

Go to solution
acdesigntech
Contributor II

Posted on ‎10-16-2013 03:45 PM

Teehee. Man keytool. That just sounds wrong :P

I'll take a look at the keytool. I read about it, but couldn't find the executable. Is it in one of the default paths?

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎10-16-2013 06:22 PM

On my Mac running 10.8.5, its in /usr/bin/ according to which

$ which keytool
/usr/bin/keytool
0 Kudos

Go to solution
ega
Contributor III

Posted on ‎12-10-2013 08:09 AM

So key tool is very handy when generating CSR's and doing cert replacements.
To answer the question:
keytool -list -keystore /Library/Tomcat/.keystore -storepass "whateveryourtomcatpasswordis"
(the -keystore switch takes a path to the keystore file so might be /Library/JSS/Tomcat/.keystore on some OSX and /usr/local/jss/tomcat/.keystore on other unix deployments )
Should produce some thing like:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Jan 19, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D5:DF:85:B7:9A:52:87:D1:8C:D5:0F:90:23:2D:B5:34
tomcat, Jan 19, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): 8D:B8:98:47:21:7E:BB:15:DB:5B:29:FC:2D:D4:6B:55

0 Kudos