[problem]
You want to compare two Java cacerts certificate stores.
For example, comparing a development server against prod, to ensure they both have the same certs stored in cacerts (used by Java, among others).
[/problem]
[solution]
This can come in very handy if you need to compare two different projects or envs. See the example.
[/solution]
[example]
Code to generate a list of certs, along with their alias, entry, owner and valid dates.
Start in the directory where your cacerts file resides.
../../../bin/keytool -list -v -keystore cacerts -storepass changeit | gawk ' {
  # A new "Alias name" line starts the next entry: print the one collected so far.
  if(/Alias name/) {
    if(alias != "") { printf("%s: [%s] %s [from: %s]\n",alias,entry,owner,valid); }
    alias=$NF;
  }
  if(/Entry type/) { entry=$NF; }
  if(/Owner/) { owner=$2" "$3; }
  # day/month/year taken from the "Valid from" date
  if(/Valid/) { valid=$5"/"$4"/"$8; }
} END { printf("%s: [%s] %s [from: %s]\n",alias,entry,owner,valid); }
' | sort
You may need to change gawk for nawk on Solaris, etc.
Dump this out into a file for each env. Then run diff with something like this:
diff -s dump.cob dump.dev | egrep -v -- "^([0-9]|--)" | sort | grep -vn xxx
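An added example, not part of the original page: alias and owner text can match while the certificate itself differs, and the same certificate can sit under different aliases, so this version keys the comparison on the `SHA256:` fingerprint line of `keytool -list -v` (assuming a keytool that prints one). The function names, status labels and sample entries are constructed for illustration, and the fingerprints are fake.

```shell
#!/bin/sh
# Added example: compare stores by SHA-256 fingerprint, not alias/owner text.

# stdin: `keytool -list -v` output; stdout: "FINGERPRINT<TAB>alias", sorted.
fingerprints() {
  awk '
    /^Alias name:/   { sub(/^Alias name: */, ""); alias = $0; next }
    /^[ \t]*SHA256:/ { print $NF "\t" alias }
  ' | LC_ALL=C sort
}

# Args: dump from store A, dump from store B (both made by fingerprints).
compare_dumps() {
  awk '
    BEGIN { FS = "\t" }
    side == "A" { a_fp[$1] = $2; a_alias[$2] = 1; next }
    {
      b_fp[$1] = 1; b_alias[$2] = 1
      if ($1 in a_fp) {              # same certificate in both stores
        if (a_fp[$1] != $2 "") print "ALIAS_DIFFERS\t" a_fp[$1] " -> " $2
      } else if ($2 in a_alias) {    # same alias, different certificate
        print "CERT_DIFFERS\t" $2
      } else print "ONLY_IN_B\t" $2
    }
    END {
      for (fp in a_fp)
        if (!(fp in b_fp) && !(a_fp[fp] in b_alias)) print "ONLY_IN_A\t" a_fp[fp]
    }
  ' side=A "$1" side=B "$2" | LC_ALL=C sort
}

# Constructed entry in keytool -list -v layout; fingerprints are fake.
sample_entry() {  # args: alias, fake SHA-256 value
  printf 'Alias name: %s\nEntry type: trustedCertEntry\n\nOwner: CN=%s\n' "$1" "$1"
  printf 'Certificate fingerprints:\n\t SHA1: 00:00\n\t SHA256: %s\n\n' "$2"
}

demo() {
  d=$(mktemp -d)
  { sample_entry rootca1 AA:01; sample_entry rootca2 BB:02
    sample_entry oldca CC:03;   sample_entry shared EE:05; } | fingerprints > "$d/prod"
  { sample_entry rootca1 AA:01; sample_entry root-ca-2 BB:02
    sample_entry devca DD:04;   sample_entry shared FF:06; } | fingerprints > "$d/dev"
  compare_dumps "$d/prod" "$d/dev"
  rm -rf "$d"
}
demo
```

Against real stores, pipe each `keytool -list -v -keystore cacerts -storepass changeit` run through `fingerprints` into a file per env, then pass the two files to `compare_dumps`; no output means the stores hold the same certificates under the same aliases.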
[/example]
[reference]
[tags]openssl, cacerts, java certifications, comparing java certs, Unix Coding School[/tags]
[/reference]