What is Java keytool?
The Java keytool is a command-line utility used to manage keystores in different formats containing keys and certificates. You can use the java keytool printcert command to print and view a certificate on a server or in a file. In many respects, the java keytool is a competing utility with openssl for keystore, key, and certificate management.
Why use the Java keytool to print certs (keytool -printcert), print CRLs (keytool -printcrl), or print CSRs (keytool -printcsr)?
You may want to print a certificate to see the PEM encoding in a human-readable format. The same for a certificate signing request or certificate revocation list. You may also wish to view the chain of certificates be returned on a server in which case you will use the -sslserver option.
What keytool command do I use to print a certificate in PEM format?
Use this command to print a certificate from a file:
keytool -printcert \
> -rfc \
> -file example.crt \
> -v
Use this command to print a certificate from a server:
keytool -printcert \
> -rfc \
> -sslserver example.com:443 \
> -v
-rfc
– Print the certificate in PEM format.
-file
– The filename of the certificate. Note that -file and -sslserver are to be used separately and not in the same command.
-sslserver
– The host and port of the server. Note that -file and -sslserver are to be used separately and not in the same command.
-v
– Verbose.

What keytool command do I use to print a Certificate Signing Request (CSR)?
keytool -printcertreq \
> -file example.csr \
> -v
See the above options section for a description of each flag.
What keytool command do I use to print a Certificate Revocation List (CRL)?
keytool -printcrl \
> -file example.crl \
> -v
See the above options section for a description of each flag.
Here are the official keytool docs to dive further into how to print a certificate, print a Certificate Revocation List or CRL, or print a Certificate Signing Request or CSR with java keytool. https://docs.oracle.com/javase/10/tools/keytool.htm#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__DISPLAYDATA-507D2B01
Leave a Reply