Verify certificate against Java certificate store via CLI-keytool

Score: 15

You can use keytool to export the needed certificates (those that are in the chain for the one you need to verify) from the Java keystore into X.509 files. Then, concatenate them together into one file. Finally, use openssl to do the verification.

openssl verify -CAfile concatenated-certs.crt cert-to-verify.crt

Not a perfect solution since it involves popping the certs out of the truststore, but it ought to work given what you are starting with.
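The export, concatenate and verify steps from the answer above, as one shell function (an added example, not part of the original answers). The function name, its argument order, the exit code 10 and the STOREPASS environment variable are assumptions made for this sketch.

```shell
# Added example. verify_against_truststore and STOREPASS are assumed names.
# STOREPASS must be exported and hold the keystore password.
# Usage: verify_against_truststore KEYSTORE CERT_TO_VERIFY ALIAS [ALIAS...]
# Returns 0 if openssl accepts the chain, 10 if an alias cannot be
# exported, otherwise openssl's own non-zero status.
verify_against_truststore() (
    keystore="$1"; cert="$2"; shift 2
    [ "$#" -ge 1 ] || { echo "need at least one alias" >&2; exit 10; }
    workdir=$(mktemp -d) || exit 10
    bundle="$workdir/concatenated-certs.crt"
    : > "$bundle"

    for name in "$@"; do
        # -rfc exports PEM rather than DER, so the files can be concatenated.
        # -storepass:env keeps the password off the command line.
        if ! keytool -exportcert -rfc -keystore "$keystore" \
                -storepass:env STOREPASS -alias "$name" \
                -file "$workdir/one.pem" >/dev/null 2>&1; then
            echo "could not export alias: $name" >&2
            rm -rf "$workdir"
            exit 10
        fi
        cat "$workdir/one.pem" >> "$bundle"
    done

    # Every certificate in -CAfile is treated as trusted, so pass only the
    # aliases that belong to the chain of the certificate being checked.
    rc=0
    openssl verify -CAfile "$bundle" "$cert" || rc=$?
    rm -rf "$workdir"
    exit "$rc"
)
```

The keystore itself is only read; the exported copies live in a temporary directory that is removed before the function returns.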

Score: 3

This page could be oversimplifying:


But it doesn't look like even import with keytool does a true verification of a certificate. I'm not seeing any description of verifying the signature of the incoming certificate against the signature of another trusted certificate.

jarsigner will verify a signature on a signed jar, but doesn't do anything to verify the signature on the certificate used to sign the jar.

I'm afraid you'd either have to write a tool to do the verification, or look for a commercial tool that does it. I would think that some of the PKI tool kits would have a certificate verification tool that would do this.

