File Signing: Viewing a Certificate

Now that you have a certificate, you may choose to view the specific information about it. Use the keytool -printcert -file sender.cer command to view the certificate details.

C:\IS-2731\Lab 2>keytool -printcert -file sender.cer
Owner: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Serial number: 47b8a114
Valid from: Sun Feb 17 16:03:16 EST 2008 until: Sat May 17 17:03:16 EDT 2008
Certificate fingerprints:
MD5: 49:D9:17:98:7C:09:21:50:9E:37:9D:69:FF:DD:C4:FB
SHA1: BF:E0:60:B5:27:C7:C4:02:2D:A5:E8:7B:44:85:6A:B5:E3:E1:63:A8

Importing a Certificate

When you receive certificates from other sources, you will want to import them into your certificate chain (keystore). This becomes a repository of certificates that you trust. Use the keytool -import -alias <cert name> -file sender.cer command to import the certificate. You may assign any alias that has meaning for the certificate.

C:\IS-2731\Lab 2>keytool -import -alias myCert -file sender.cer
Enter keystore password: ab987c
Owner: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Serial number: 47b8a114
Valid from: Sun Feb 17 16:03:16 EST 2008 until: Sat May 17 17:03:16 EDT 2008
Certificate fingerprints:
MD5: 49:D9:17:98:7C:09:21:50:9E:37:9D:69:FF:DD:C4:FB
SHA1: BF:E0:60:B5:27:C7:C4:02:2D:A5:E8:7B:44:85:6A:B5:E3:E1:63:A8
Trust this certificate? [no]: y
Certificate was added to keystore


Note that the certificate has been added to the keystore. We can verify that by using the keytool -list command to view the keystore.

C:\IS-2731\Lab 2>keytool -list

Enter keystore password: ab987c

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

mycert, Feb 17, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 49:D9:17:98:7C:09:21:50:9E:37:9D:69:FF:DD:C4:FB
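
The import above ends at the "Trust this certificate?" prompt, and the fingerprints keytool prints are what you compare against a value obtained from the sender over a separate channel before answering yes. The Python below is an added example, not part of the original lab: it parses the -printcert output shown on this page and performs that comparison. The function names and the told_by_sender value are hypothetical.

```python
import hmac
import re

# Output of `keytool -printcert -file sender.cer`, copied from the transcript above.
PRINTCERT_OUTPUT = """\
Owner: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Nathan Sulinski, OU=SIS, O=University of Pittsburgh, L=Pittsburgh, ST=PA, C=US
Serial number: 47b8a114
Valid from: Sun Feb 17 16:03:16 EST 2008 until: Sat May 17 17:03:16 EDT 2008
Certificate fingerprints:
MD5: 49:D9:17:98:7C:09:21:50:9E:37:9D:69:FF:DD:C4:FB
SHA1: BF:E0:60:B5:27:C7:C4:02:2D:A5:E8:7B:44:85:6A:B5:E3:E1:63:A8
"""

# Labels as printed on this page; SHA256 is included for newer keytool output.
FIELD = re.compile(r"^\s*(Owner|Issuer|MD5|SHA1|SHA256):\s*(.+?)\s*$", re.MULTILINE)
DIGEST_BYTES = {"MD5": 16, "SHA1": 20, "SHA256": 32}


def parse_printcert(text):
    """Return {label: value} for the owner, issuer and fingerprint lines."""
    return dict(FIELD.findall(text))


def normalize(fingerprint):
    """Reduce 'BF:E0:..', 'bf e0 ..' or 'bfe0..' to bare lowercase hex."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())


def check_before_import(text, expected_fp, algorithm="SHA1"):
    """Compare keytool's fingerprint with one obtained out-of-band (hypothetical helper)."""
    fields = parse_printcert(text)
    shown = normalize(fields.get(algorithm, ""))
    want = normalize(expected_fp)
    # A truncated expected value must never count as a match.
    full_length = len(want) == 2 * DIGEST_BYTES[algorithm]
    return {
        "match": full_length and hmac.compare_digest(shown, want),
        # Owner == Issuer: no separate CA vouches for the certificate,
        # so the fingerprint comparison is the only evidence of origin.
        "self_signed": "Owner" in fields and fields["Owner"] == fields.get("Issuer"),
    }


if __name__ == "__main__":
    # Constructed stand-in for the value the sender reads out over the phone.
    told_by_sender = "bf e0 60 b5 27 c7 c4 02 2d a5 e8 7b 44 85 6a b5 e3 e1 63 a8"
    print(check_before_import(PRINTCERT_OUTPUT, told_by_sender))
```
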

Exporting a Certificate

Occasionally you may wish to send certificates from your keystore to other people. You can use the keytool -export -alias <cert name> -file <filename> command to export a certificate from the keystore.

C:\IS-2731\Lab 2>keytool -export -alias myCert -file NPS.cert
Enter keystore password: ab987c
Certificate stored in file <NPS.cert>

C:\IS-2731\Lab 2>dir
Volume in drive C has no label.
Volume Serial Number is 8C54-5474

Directory of C:\IS-2731\Lab 2

02/17/2008 04:20 PM <DIR> .
02/17/2008 04:20 PM <DIR> ..
10/21/2006 04:56 PM 2,255 Main.class
02/17/2008 04:01 PM 1,698 Main.jar
10/21/2006 11:57 AM 3,210 Main.java
02/17/2008 04:20 PM 812 NPS.cert
02/17/2008 04:07 PM 812 sender.cer
02/17/2008 04:03 PM 1,285 senderstore
02/17/2008 04:06 PM 2,969 signedMain.jar
7 File(s) 13,041 bytes
2 Dir(s) 78,656,049,152 bytes free

C:\IS-2731\Lab 2>


Now the certificate file can be distributed or stored.