Problem
You want to compare two Java cacerts certificate stores.
Say, comparing a development server against prod, to ensure they both have the same certs stored in cacerts (used by Java, among others).
Solution
This can come in very handy if you need to compare two different projects or environments. See the example.
Example
Code to generate a list of certs, along with their alias, entry, owner and valid dates.
Start in the directory where your cacerts file resides.
../../../bin/keytool -list -v -keystore cacerts -storepass changeit | gawk ' {
    # A new "Alias name" line starts the next entry: print the previous one first.
    if(/Alias name/) {
        if(alias != "") { printf("%s: [%s] %s [from: %s]\n",alias,entry,owner,valid); }
        alias=$NF;
    }
    if(/Entry type/) { entry=$NF; }
    # First two fields of the owner DN.
    if(/Owner/) { owner=$2" "$3; }
    # Valid-from date as day/month/year.
    if(/Valid/) { valid=$5"/"$4"/"$8; }
} END { printf("%s: [%s] %s [from: %s]\n",alias,entry,owner,valid); }
' | sort
You may need to change gawk for nawk on Solaris, etc.
Dump this out into a file for each env. Then run diff with something like this:
diff -s dump.cob dump.dev | egrep -v -- "^([0-9]|--)" | sort | grep -vn xxx
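The dump above compares alias, entry type, owner and valid-from date, so two stores that hold different keys under the same alias and owner produce identical lines. As an added example (not part of the original post), the sketch below keys each entry on the SHA256 fingerprint line that `keytool -list -v` prints; the function names, file names and sample values are constructed for illustration.

```shell
# Real use: keytool -list -v -keystore cacerts -storepass changeit | cert_index > dev.idx

# Reduce `keytool -list -v` text on stdin to sorted "SHA256-fingerprint alias" lines.
cert_index() {
  awk '
    /^Alias name:/   { sub(/^Alias name:[ \t]*/, ""); alias = $0 }
    /^[ \t]*SHA256:/ { print $NF, alias }   # not the "SHA256withRSA" algorithm line
  ' | sort
}

# Compare two index files by fingerprint, so a changed key under an unchanged alias shows up.
compare_indexes() {
  awk '
    { i = index($0, " "); fp = substr($0, 1, i - 1); name = substr($0, i + 1) }
    FILENAME == ARGV[1] { a[fp] = name; next }
    { b[fp] = name
      if (!(fp in a))         print "only-in-B", fp, name
      else if (a[fp] != name) print "renamed", fp, a[fp] " -> " name }
    END { for (fp in a) if (!(fp in b)) print "only-in-A", fp, a[fp] }
  ' "$1" "$2" | sort
}

# Constructed stand-in for keytool output (made-up, shortened values).
# $1 = SHA-256 of the first entry, $2 = alias of the second entry.
sample_store() {
  cat <<EOF
Alias name: rootca1
Entry type: trustedCertEntry
Owner: CN=Example Root 1, O=Example
Valid from: Tue Nov 08 00:00:00 GMT 1994 until: Thu Jan 07 23:59:59 GMT 2010
Certificate fingerprints:
         SHA1: 01:01:01:01
         SHA256: $1

Alias name: $2
Owner: CN=Example Root 2, O=Example
Certificate fingerprints:
         SHA256: BB:BB:BB:BB
EOF
}

demo() {
  tmp=$(mktemp -d) || return 1
  sample_store AA:AA:AA:AA rootca2  | cert_index > "$tmp/a.idx"
  sample_store CC:CC:CC:CC root-two | cert_index > "$tmp/b.idx"
  compare_indexes "$tmp/a.idx" "$tmp/b.idx"
  rm -rf "$tmp"
}
demo
```

In the sample, rootca1 has the same alias, owner and valid-from date in both stores but a different fingerprint, so it is reported once as only-in-A and once as only-in-B.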