How to export all intermediate certificates, including root certificates, only with keytool

Question

How to export all intermediate certificates, including root certificates, only with keytool

I am trying to configure SSL and get the .pfx file from the server command. Certificate Chain Length: 2

When I try to export a certificate chain using keytool, only the first certificate is exported.

Trying to find out if there are any other parameters that I skip when issuing the keytool command.

The commands I use are:

1) conversion to JKS, since the alias is not supported using pfx

keytool -importkeystore -srckeystore "serverauth.pfx" -srcstoretype pkcs12 -destkeystore "serverauth.jks"

2) Tried to export certificates using below.

keytool -export -alias 1 -keystore "serverauth.jks" -rfc -file "authclient.cert"

But the above command generates only the first certificate.

If I delete the entire alias, getting an error

keytool error: java.lang.Exception: Alias <1> does not exist

Is there any other process.

+4

java ssl ssl-certificate

Santhosh Nagulanchi May 07 '15 at 4:28

source share

3 answers

Zac Thompson · Answer 1 · 2016-08-18T23:45:14+0000

keytool -list -rfc -keystore serverauth.jks

. , .

zedix · Answer 2 · 2017-02-04T03:32:37+0000

Java 8, :

keytool -list -alias yourcert -keystore /path/to/keystore -rfc

, , , . -file, >

Stephane desjardins · Answer 3 · 2017-09-22T18:41:40+0000

You can do (e.g. java cacert):

for cert in `keytool -list -keystore cacerts -storepass changeit | grep trustedCertEntry | grep -Eo "^[^,]*"`;do
    `keytool -exportcert -keystore cacerts -alias $cert -file ${cert}.crt <<< $'changeit'`
done

This will export the entire certificate to a separate .crt file.

How to export all intermediate certificates, including root certificates, only with keytool

More articles: