0 Replies. Latest reply: Aug 5, 2011 11:11 AM by 880612

    keytool exportcert not exporting complete chain

    880612
      I have a Java Keystore - remote.jks

      When I run this command: `keytool -list -v -keystore remote.jks -storepass xxxx` it prints the following:

      Keystore type: JKS
      Keystore provider: SUN

      Your keystore contains 3 entries

      Alias name: gd_cross_intermediate
      Creation date: Jan 27, 2011
      Entry type: trustedCertEntry
      ......
      ......

      ********************************************
      ********************************************

      Alias name: xxxx.xxxx.com
      Creation date: Jan 27, 2011
      Entry type: PrivateKeyEntry
      Certificate chain length: 4
      Certificate[1]:
      .....
      .....
      Certificate[2]:
      .....
      .....
      Certificate[3]:
      .....
      .....
      Certificate[4]:
      .....
      .....

      ********************************************
      ********************************************

      Alias name: gd_bundle
      Creation date: Jan 27, 2011
      Entry type: trustedCertEntry
      ......
      ......

      ********************************************
      ********************************************

      From this I understand that the public key for xxxx.xxx.com has three certificates in its certification path. Certificate[4] signs Certificate[3], which signs Certificate[2], which signs the public key Certificate[1].

      When I export the xxxx.xxx.com certificate using the command: `keytool -exportcert -alias xxxx.xxx.com -storepass xxx -keystore remote.jks -file pub.cer` and view pub.cer on a Windows machine, it shows only two certificates in the certification path, i.e. Certificate[3] signs Certificate[2], which signs the public key Certificate[1].

      I don't understand this behavior. Can someone explain this behavior?
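
      Added example, not part of the original post: for a key entry, `keytool -exportcert` writes only the first certificate of the stored chain, so the other chain certificates have to be read through the `KeyStore` API. This Java program prints the subject and issuer of every certificate stored under an alias and writes the whole chain as PEM; the class name `ExportChain`, the output file `chain.pem` and the argument order are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;

// Hypothetical helper (not from the post): dump the full chain of a key entry.
// Usage: java ExportChain remote.jks <alias>
public class ExportChain {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): ExportChain <keystore.jks> <alias>");
            System.exit(2);
        }
        // Prompt for the store password so it does not end up in shell history
        // or the process list, as it does with -storepass on the command line.
        char[] storePass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        // Null for an unknown alias and for trustedCertEntry aliases,
        // which hold a single certificate and no chain.
        Certificate[] chain = ks.getCertificateChain(args[1]);
        if (chain == null) {
            System.err.println("no certificate chain stored under alias " + args[1]);
            System.exit(1);
        }
        Base64.Encoder pem = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        try (PrintWriter out = new PrintWriter("chain.pem", "US-ASCII")) {
            for (int i = 0; i < chain.length; i++) {
                // chain[0] is the end-entity certificate, printed as Certificate[1].
                if (chain[i] instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) chain[i];
                    System.out.printf("Certificate[%d]%n  subject: %s%n  issuer:  %s%n",
                            i + 1, x.getSubjectX500Principal(), x.getIssuerX500Principal());
                }
                out.println("-----BEGIN CERTIFICATE-----");
                out.println(pem.encodeToString(chain[i].getEncoded()));
                out.println("-----END CERTIFICATE-----");
            }
        }
    }
}
```

      A file written by `-exportcert` holds one certificate, so any certification path a viewer shows for it is assembled from certificates the viewing machine already has, not from the file.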