Java "keytool -printcert" Command Options

Q

What options are supported by the "keytool -printcert" command?

✍: FYIcenter.com

A

Java Keytool can be used to printout owner, issuer, serial number and other information from a certificate using the "keytool -printcert" command, which supports the following options:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -printcert -help

keytool -printcert [OPTION]...

Prints the content of a certificate

Options:

 -rfc                        output in RFC style
 -file <filename>            input file name
 -sslserver <server[:port]>  SSL server host and port
 -jarfile <filename>         signed jar file
 -v                          verbose output

Use "keytool -help" for all available commands

The "keytool -printcert" command reads the certificate from the file cert_file, the SSL server located at host:port, or the signed JAR file JAR_file (with the option -jarfile and prints its contents in a human-readable format. When no port is specified, the standard HTTPS port 443 is assumed. Note that -sslserver and -file options cannot be provided at the same time. Otherwise, an error is reported. If neither option is given, the certificate is read from stdin.

If -rfc is specified, keytool prints the certificate in PEM mode as defined by the Internet RFC 1421 standard.

If the certificate is read from a file or stdin, it may be either binary encoded or in printable encoding format, as defined by the Internet RFC 1421 standard

If the SSL server is behind a firewall, -J-Dhttps.proxyHost=proxyhost and -J-Dhttps.proxyPort=proxyport can be specified on the command line for proxy tunneling. See the JSSE Reference Guide for more information.

Note that the "keytool -printcert" command can be used independently of a keystore.

2012-07-19, 6411👍, 0💬