"keytool -printcert" Command Examples - Download Certificate

Q

Can I use the "keytool -printcert" command to download the certificate from a Web site? I know the Web site uses HTTPS and it has a certificate.

✍: FYIcenter.com

A

When a Web site uses the HTTPS address, it does have a certificate that contains its public key. Your browser is smart to download it automatically to encrypt your data exchanged with the server. to give you security protection.

But if you want get a copy of the Web site's certificate, you can use the "keytool -printcert" command with the "-sslserver" option as shown in this example:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -printcert
-sslserver www.facebook.com -rfc > facebook.pem

C:\Users\fyicenter>type facebook.pem

-----BEGIN CERTIFICATE-----
MIIDzDCCAzWgAwIBAgIQAWX5/4nQsxqIdTfN7yT+BDANBgkqhkiG9w0BAQUFADCBujEfMB0GA1UE
ChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNV
BAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNA
d3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBW
ZXJpU2lnbjAeFw0xMjA2MjEwMDAwMDBaFw0xMzEyMzEyMzU5NTlaMGoxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQYWxvIEFsdG8xFzAVBgNVBAoTDkZhY2Vib29r
LCBJbmMuMRkwFwYDVQQDExB3d3cuZmFjZWJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQC4e9C0eD3zy0YR829bH7fd3PGGDp/3Rd7UR65Q+jcsRoLZaer9k9tPEOd5ZmWR1MTzwVEm
Z94fhoWf219K2Nx/v7fQaWYh5U0DETUobkDfR4zBAe+oMuFDIGrhEkUEdlWUOcpvScrtzRjRLyik
Tc4twjRlpB5RdnGGFopwCRTNMwIDAQABo4IBIDCCARwwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkG
C2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEw
PAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL1NWUkludGwtY3JsLnZlcmlzaWduLmNvbS9TVlJJbnRs
LmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMCkGA1UdEQQi
MCCCEHd3dy5mYWNlYm9vay5jb22CDGZhY2Vib29rLmNvbTA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBnkJ5NVI4x
zdKlATMc46Jy+l7LY+DZH+HEfBz6e/YWNvwuj40I+GxkqASjGKyyOo8dIS9AydbaWuF9SgGTYnAO
J9awxd21Zy8YrDp8dr7TAEeqUwNkVeJloiQUpCQLjqIFsZ/paWxVbjZZlUBbDvwx2iEmqGo+ziZW
HirmhVut0A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDgzCCAuygAwIBAgIQRvzrurTQLw+SYJgjP5MHjzANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFBy
aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTcwNDE3MDAwMDAwWhcNMTYxMDI0MjM1
OTU5WjCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNp
Z24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xh
c3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklM
SVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2IKA6NYZ
An0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLxveqXQu2aNAoV1Klc9UAl3dkHwTKydWzE
yruj/lYncUOqY/UwPpMo5frxCTvzt01OOfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1Oc
TzTnqwSye28CAwEAAaOB4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4
RQEHAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNVHSUE
LTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATALBgNVHQ8EBAMC
AQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNp
Z24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAECOSZeWinPdjk3vPmG3yqBirfQOCrt1
PeJu2CzHv/S5jDabyqLQnHJGOfamggNlEcS8vy2m9dk7CrWY+rN4uR7yK0xi1f2yeh3fM/1z+aXY
LYwq6tH8sCi26UlIE0uDihtIeyT3ON5vQVS4q1drBt/HotSp9vE2YoCI8ot11oBx
-----END CERTIFICATE-----

What the "keytool -printcert" command shown above did for you:

  • Connects to the www.facefook.com HTTPS server.
  • Download two certificates used by www.facebook.com.
  • Save both certificates in facebook.pem in PEM format using the "-rfc" option.

2012-07-20, 4174👍, 0💬