Package com.unboundid.util.ssl.cert

This package provides a number of classes that can be used to parse X.509 certificates, PKCS #8 private keys, PKCS #10 certificate signing requests, and other related entities.

This package also provides the ManageCertificates class, which implements a command-line tool for performing all kinds of It also provides a manage-certificates command-line tool that provides support for several certificate-related and key-related functions, including:
  • Listing the contents of a JKS or PKCS #12 keystore.
  • Exporting certificates and private keys from a JKS or PKCS #12 keystore to PEM or DER files.
  • Importing certificates and private keys from PEM or DER files into a JKS or PKCS #12 keystore.
  • Removing certificates and private keys from a JKS or PKCS #12 keystore.
  • Generating self-signed certificates in JKS or PKCS #12 keystore.
  • Generating certificate signing requests (CSRs) from a key in a JKS or PKCS #12 keystore (creating a new key if necessary).
  • Signing certificate signing requests using a certificate in a JKS or PKCS #12 keystore.
  • Changing the alias of a certificate or key in a JKS or PKCS #12 keystore.
  • Connecting to a server, initiating TLS negotiation, capturing the certificate chain presented during that negotiation process, and importing the chain into a JKS or PKCS #12 keystore so that it can be used as a trust store for TLS clients.
  • Validating the suitability of a specified certificate in a JKS or PKCS #12 keystore for use as a TLS sever certificate.
  • Decoding and printing a set of PEM-formatted or DER-formatted certificates contained in a specified file.
  • Decoding and printing a PEM-formatted or DER-formatted certificate signing request contained in a specified file.