Android Apple Mac DH Keys DSA Keys EC Keys Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Microsoft Edge Mozilla CertUtil OpenSSL Other Portecle Publishers Revoked Certificates Root CA RSA Keys Tools Tutorial What Is Windows

Split Certificate Chain File

Q

How to split a certificate chain file into individual certificate files? I have 2 certificates in a certificate chain file in PEM format.

✍: FYIcenter.com

A

If you have a certificate chain file in PEM format, you can split each certificate out of the chain file using any text editor as shown in this tutorial:

Assume that we have the certificate chain file called facebook.pem with 2 certificates inside in PEM downloaded in the previous tutorial.

Open facebook.pem in a text editor, like Notepad.

Copy the first certificate between the first pair of "-----BEGIN CERTIFICATE-----" line and "-----END CERTIFICATE-----" into a new file called facebook_cert.pem: 

-----BEGIN CERTIFICATE-----
MIIDzDCCAzWgAwIBAgIQAWX5/4nQsxqIdTfN7yT+BDANBgkqhkiG9w0BAQUFADCBujEfMB0GA1UE
ChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNV
BAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNA
d3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBW
ZXJpU2lnbjAeFw0xMjA2MjEwMDAwMDBaFw0xMzEyMzEyMzU5NTlaMGoxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQYWxvIEFsdG8xFzAVBgNVBAoTDkZhY2Vib29r
LCBJbmMuMRkwFwYDVQQDExB3d3cuZmFjZWJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQC4e9C0eD3zy0YR829bH7fd3PGGDp/3Rd7UR65Q+jcsRoLZaer9k9tPEOd5ZmWR1MTzwVEm
Z94fhoWf219K2Nx/v7fQaWYh5U0DETUobkDfR4zBAe+oMuFDIGrhEkUEdlWUOcpvScrtzRjRLyik
Tc4twjRlpB5RdnGGFopwCRTNMwIDAQABo4IBIDCCARwwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkG
C2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEw
PAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL1NWUkludGwtY3JsLnZlcmlzaWduLmNvbS9TVlJJbnRs
LmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgWgMCkGA1UdEQQi
MCCCEHd3dy5mYWNlYm9vay5jb22CDGZhY2Vib29rLmNvbTA0BggrBgEFBQcBAQQoMCYwJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBnkJ5NVI4x
zdKlATMc46Jy+l7LY+DZH+HEfBz6e/YWNvwuj40I+GxkqASjGKyyOo8dIS9AydbaWuF9SgGTYnAO
J9awxd21Zy8YrDp8dr7TAEeqUwNkVeJloiQUpCQLjqIFsZ/paWxVbjZZlUBbDvwx2iEmqGo+ziZW
HirmhVut0A==
-----END CERTIFICATE-----

Copy the second certificate between the second pair of "-----BEGIN CERTIFICATE-----" line and "-----END CERTIFICATE-----" into a new file called verisign_server_cert.pem: 

-----BEGIN CERTIFICATE-----
MIIDgzCCAuygAwIBAgIQRvzrurTQLw+SYJgjP5MHjzANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFBy
aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTcwNDE3MDAwMDAwWhcNMTYxMDI0MjM1
OTU5WjCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNp
Z24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xh
c3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklM
SVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2IKA6NYZ
An0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLxveqXQu2aNAoV1Klc9UAl3dkHwTKydWzE
yruj/lYncUOqY/UwPpMo5frxCTvzt01OOfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1Oc
TzTnqwSye28CAwEAAaOB4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4
RQEHAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNVHSUE
LTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATALBgNVHQ8EBAMC
AQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNp
Z24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAECOSZeWinPdjk3vPmG3yqBirfQOCrt1
PeJu2CzHv/S5jDabyqLQnHJGOfamggNlEcS8vy2m9dk7CrWY+rN4uR7yK0xi1f2yeh3fM/1z+aXY
LYwq6tH8sCi26UlIE0uDihtIeyT3ON5vQVS4q1drBt/HotSp9vE2YoCI8ot11oBx
-----END CERTIFICATE-----

Now we have 2 individual certificate files:

  • "facebook_cert.pem" with owner of www.facebook.com and signed by "VeriSign International Server CA - Class 3".
  • "verisign_server_cert" with owner of "VeriSign International Server CA - Class 3" and signed by "Class 3 Public Primary Certification Authority," of "VeriSign, Inc.".

 

Java "keytool -importcert" Command Options

Why www.facebook.com Has 2 Certificates

Managing Certificates with Java Keytool

⇑⇑ Java Keytool: Certificate Management Tool

2012-07-20, 13676🔥, 0💬

Android Apple Mac DH Keys DSA Keys EC Keys Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Microsoft Edge Mozilla CertUtil OpenSSL Other Portecle Publishers Revoked Certificates Root CA RSA Keys Tools Tutorial What Is Windows