[ACCEPTED]-Verify certificate against Java certificate store via CLI-keytool
You can use keytool to export the needed certificates 8 (those that are in the chain for the one 7 you need to verify) from the Java keystore 6 into X.509 files. Then, concatenate them 5 together into one file. Finally, use openssl to 4 do the verification.
openssl verify -CAfile concatenated-certs.crt cert-to-verify.crt
Not a perfect solution 3 since it involves popping the certs out 2 of the truststore, but it ought to work 1 given what you are starting with.
This page could be oversimplifying:
http://java.sun.com/docs/books/tutorial/security/toolfilex/rstep1.html
But it 14 doesn't look like even import with keytool 13 does a true verification of a certificate. I'm 12 not seeing any description of verifying 11 the signature of the incoming certificate 10 against the signature of another trusted 9 certificate.
jarsigner will verify a signature 8 on a signed jar, but doesn't do anything 7 to verify the signature on the certificate 6 used to sign the jar.
I'm afraid you'd either 5 have to write a tool to do the verfication, or 4 look for a commercial tool that does it. I 3 would think that some of the PKI tool kits 2 would have a certificate verification tool 1 that would do this.
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.