• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Mister PKI

SSL Certificates * SSL Tools * Certificate Decoder

  • Buy SSL Certificates
  • Blog
  • OpenSSL
  • Keytool
  • SSL Tools
  • Donate

keytool printcert – How to print a certificate with Java keytool

February 11, 2020 by Mister PKI Leave a Comment

What is Java keytool?

The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool printcert command to print and view a certificate on a server or in a file. In many respects, the java keytool is a competing utility with openssl for keystore, key, and certificate management.

Why use the Java keytool to print certs (keytool -printcert), print CRLs (keytool -printcrl), or print CSRs (keytool -printcsr)?

You may want to print a certificate to see the PEM encoding in a human-readable format. The same for a certificate signing request or certificate revocation list. You may also wish to view the chain of certificates be returned on a server in which case you will use the -sslserver option.

What keytool command do I use to print a certificate in PEM format?

Use this command to print a certificate from a file:

keytool -printcert \
> -rfc \
> -file example.crt \
> -v

Use this command to print a certificate from a server:

keytool -printcert \
> -rfc \
> -sslserver example.com:443 \
> -v

-rfc – Print the certificate in PEM format.

-file – The filename of the certificate. Note that -file and -sslserver are to be used separately and not in the same command.

-sslserver – The host and port of the server. Note that -file and -sslserver are to be used separately and not in the same command.

-v – Verbose.

keytool printcert
keytool printcert

What keytool command do I use to print a Certificate Signing Request (CSR)?

keytool -printcertreq \
> -file example.csr \
> -v

See the above options section for a description of each flag.

What keytool command do I use to print a Certificate Revocation List (CRL)?

keytool -printcrl \
> -file example.crl \
> -v

See the above options section for a description of each flag.

Here are the official keytool docs to dive further into how to print a certificate, print a Certificate Revocation List or CRL, or print a Certificate Signing Request or CSR with java keytool. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__DISPLAYDATA-507D2B01

Read all of our blog content.

keytool

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Posts

PKCS12

openssl s_client

Keytool

Keytool list

ECDSA vs RSA

OpenSSL

PKCS7

Certificate Decoder

Training Courses

Top online courses in IT & Software

Cyber Security Training

Udemy - The Complete Internet Security Privacy Course icon

Buy SSL Certificates

The SSL Store

Comodo Store

Sectigo Store

RapidSSL

Recent Posts

  • pfx password
  • pkcs12
  • Sendmail vs Postfix – Mail Transfer Agent Comparison
  • Python mock datetime now
  • Python get SSL Certificate

Footer

  • Twitter
  • YouTube

Pages

  • About Mister PKI
  • Blog
  • Compare and Buy Affordable PKI Certificates
  • Contact Us
  • Full Disclosure
  • Privacy Policy
  • SSL Tools – Certificate Decoder and Certificate Checker

Copyright © 2022