Reputation: 325
I have a certificate file called customer_pem.cert. This file is in PEM format. It contains three ---BEGIN CERTIFICATE-- sections (end user certificate, CA intermediate certificate and CA certificate). I'm using Windows 10. When I double-click the file and go to the Certification Path section, I don't see the complete hierarchy or certificate chain. I just see the end user certificate. I don't see the CA and CA intermediate certificates.
The question is why I can't see them?
Upvotes: 1
Views: 8456
Reputation: 13
The question is why I can't see them?
answered by @Daniel
To see a certificate chain, you need to do the following:
1. Download and Install Java JRE
Download from here https://www.java.com/en/download/manual.jsp
Or download OpenJDK instead https://adoptium.net/temurin/releases/
select OS and Arch according to your system.
2. Make sure your Java/OpenJDK bin directory is registered in the PATH Environment Variable
I don't know how the installation behaves, just make sure %ProgramFiles%\Java\jre#.#.#_###\bin\
or %ProgramFiles%\Eclipse Adoptium\jre-#.#.#.##-hotspot\
is in your PATH Environment Variable. Add if it isn't there.
Follow this tutorial if you're not familiar with editing an Environment Variable.
Or this if you want to do it from cmd shell.
3. Use Keytool to show your certificate chain
Keytool comes with Java JRE and OpenJDK JRE, that's why we do the 1st step.
Open CMD, and execute the following:
keytool -printcert -file "path-to-pem/chain-of-cert.pem" -v
1. Download and/or Extract/Install Pre-built OpenSSL
Download from here (portable zip file)
Or download from here (installer exe/msi file, the lite version should be fine)
Choose according to your system OS and Arch
2. Make sure your OpenSSL directory is in your PATH Environment Variable
Just like step 2 of Keytool Method, I don't know how the installation behaves, just make sure the directory where openssl.exe is placed is in your PATH Environment Variable. Add it if it isn't there.
Follow this tutorial if you're not familiar with editing an Environment Variable.
Or this if you want to do it from cmd shell.
3. Use OpenSSL to show your certificate chain
Open CMD, and execute the following:
openssl crl2pkcs7 -nocrl -certfile "path-to-pem/chain-of-cert.pem" | openssl pkcs7 -print_certs -text -noout
OR
openssl storeutl -noout -text -certs "path-to-pem/chain-of-cert.pem"
Upvotes: 1
Reputation: 852
It is possible to get the entire cert chain in .pem format with the Mozilla browser.
Step1: click on padlock icon > Connection secure
Step2: Click More information
Step3: Under the Security tab, click View Certificate
Step4: Scroll down, and under Miscellaneous, you'll see PEM chain
Step5: Click that to open in any text editor and you will have the entire cert chain.
Upvotes: 3
Reputation: 4184
Windows has no default viewer for .pem files. You need to split the file into separate files with the extension .cer.
Upvotes: 1
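The split suggested in the answer above, done in PowerShell as an added example (not code from any of the posts): it writes each certificate in the bundle to its own DER-encoded .cer file and lists subject and issuer so the order of the chain is visible. The output folder split-certs and the cert-N.cer file names are assumptions; customer_pem.cert is the file from the question, assumed to be in the current directory.

```powershell
# Added example: split a PEM bundle into one .cer file per certificate.
# Assumptions: bundle name taken from the question; output names are illustrative.
$BundlePath = '.\customer_pem.cert'
$OutDir     = '.\split-certs'

# Read the whole bundle as one string and find every certificate block.
$pem     = Get-Content -LiteralPath $BundlePath -Raw
$pattern = '-----BEGIN CERTIFICATE-----(?<b64>[A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'
$blocks  = [regex]::Matches($pem, $pattern)
if ($blocks.Count -eq 0) {
    throw "No PEM certificate blocks found in $BundlePath"
}

# .NET file APIs do not follow the PowerShell location, so resolve a full path.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$outFull = (Resolve-Path -LiteralPath $OutDir).Path

$index  = 0
$report = foreach ($block in $blocks) {
    $index++

    # Remove line breaks and decode the base64 body to raw DER bytes.
    $b64 = $block.Groups['b64'].Value -replace '\s', ''
    [byte[]]$der = [Convert]::FromBase64String($b64)

    # Parsing the bytes fails loudly if a block is not a valid certificate.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    $file = Join-Path $outFull ('cert-{0}.cer' -f $index)
    [System.IO.File]::WriteAllBytes($file, $der)

    [pscustomobject]@{
        File       = $file
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        # Subject equal to Issuer marks the root CA certificate of the chain.
        SelfIssued = ($cert.Subject -eq $cert.Issuer)
        Thumbprint = $cert.Thumbprint
    }
}

# One entry per certificate, in the order they appear in the bundle.
$report | Format-List
```

Each cert-N.cer can then be opened on its own by double-clicking it, and matching each Issuer to the next Subject in the listing shows the end user, intermediate and root order.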