keytools commands

Note: (In case you don't have keytools, go to /usr/java/server-jdk/jre/bin/keytool or use ps aux |grep java to see where java is installed)

View the content of the certificate

keytool -printcert -v -file certificate.crt

View the list of the certificates in the keystore

keytool -list -v -keystore keystore.jks

View a certificate in the keytools from the alias

keytool -list -v -keystore keystore.jks -alias alias_certificate

Add a certificate into a keystore

keytool -import -trustcacerts -file certificate.crt -alias alias-cert -keystore keystore.jks

Add certificate without confirmation [y/n]

keytool -import -trustcacerts -file certificate.crt -noprompt -alias alias-cert -keystore keystore.jks

You can add the option -storepass at the end, and then the key to add the password directly, or without it so it ask you later to write it.

To export a certificate in the keystore, from an alias

keytool -export -alias alias-cert -file certificate.crt -keystore keytools.jks

Search the alias before.

Export a certificate from a keystore

keytool -export -alias alias-cert -keystore keystrore.jks -rfc -file certificate.crt -storepass clave

Export the key to a pkcs12 file

keytool -v -importkeystore -srckeystore keystore.jks -srcalias alias-cert -destkeystore myp12file.p12 -deststoretype PKCS12

openssl commands

Extract from a pkcs12 file the key

openssl pkcs12 -in myp12file.p12 -out private.key

View the content of the .pfx file

openssl pkcs12 -info -in archivo.pfx

View the Certificate Signing Request (CSR) information

openssl req -text -noout -verify -in CSR.csr

Check the private key

openssl rsa -in privateKey.key -check

View certificate information

openssl x509 -noout -text -in certificate.crt

View the PKCS#12 information(.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

View md5 of the certificate

openssl x509 -noout -modulus -in /etc/ssl/ca/certs/ca.crt | openssl md5

Check md5 of the key

openssl rsa -noout -modulus -in /etc/ssl/ca/private/ca.key | openssl md5

Check csr information

openssl req -noout -modulus -in CSR.csr | openssl md5

Extract a certificate from a web site and then export to file .crt

openssl s_client -showcerts -connect google.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >certificate.crt

Check md5 from a certificate

openssl x509 -noout -fingerprint -md5 -inform pem -in certificate.crt

Create a pfx file with a certificate and a key

openssl pkcs12 -export -out archivo.pfx -inkey private.key -in certificate.crt

Create a pfx file with the CA and the intermediate CA

openssl pkcs12 -export -out archivo.pfx -inkey private.key -in certificate.crt -in intermediate.crt -in rootca.crt

View the information of multiple certificates from a single file

openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -text -noout

Show the subject and issuer and issuer of each certificate

openssl crl2pkcs7 -nocrl -certfile cabundle.ca | openssl pkcs7 -print_certs -text -noout

Fix a certificate when the keytool shows an error to import in the keystore

openssl x509 -in broken.pem -out correct.pem