[ACCEPTED]-Verify certificate against Java certificate store via CLI-keytool
You can use
export the needed certificates 8 (those that are in the chain for the one 7 you need to verify) from the Java keystore 6 into X.509 files. Then, concatenate them 5 together into one file. Finally, use
openssl to 4 do the verification.
openssl verify -CAfile concatenated-certs.crt cert-to-verify.crt
Not a perfect solution 3 since it involves popping the certs out 2 of the truststore, but it ought to work 1 given what you are starting with.
This page could be oversimplifying:
But it 14 doesn't look like even import with keytool 13 does a true verification of a certificate. I'm 12 not seeing any description of verifying 11 the signature of the incoming certificate 10 against the signature of another trusted 9 certificate.
jarsigner will verify a signature 8 on a signed jar, but doesn't do anything 7 to verify the signature on the certificate 6 used to sign the jar.
I'm afraid you'd either 5 have to write a tool to do the verfication, or 4 look for a commercial tool that does it. I 3 would think that some of the PKI tool kits 2 would have a certificate verification tool 1 that would do this.
More Related questions