Keytool command to check expiration dates of certificates

Friends,

I'm in search of a keytool command which pulls the expiration dates of certificates in a keystore. I have around 200 certs in my keystore, so I would like to know if there is any script/command which can pull the expiration dates of the certificates in one run.

You can loop through keytool extracting each cert, then pass that to the STDIN of:

openssl x509 -checkend $seconds

This will exit 0 if it is not going to expire within the next $seconds and exit 1 if it will.

Hey Dragon,

I was able to figure out this command, which lists the certificate information. Based on this, can you suggest a "grep" command or any other command which can sort these results and pull only the certificates which are going to expire this month (Sep, 2013) and the corresponding alias name?

Command:

keytool -list -v -keystore cas_truststore.jks

Sample output:

Alias name: xxxxxx
Creation date: xxxxxx, 2013
Entry type: trustedCertEntry

Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: xxxxxxxx
Valid from: Wed Nov 08 00:00:00 GMT 2006 until: Wed Jul 16 23:59:59 GMT 2036

I use it like this:

keytool -list -v -alias <alias> -keystore <keystore> -storepass <passwd> | grep "Valid from:"
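
An added example, not part of any post in this thread: one pass over the `keytool -list -v` output that pairs each alias with its "until:" date and prints only the certificates expiring within a given number of days. It assumes GNU date (`date -d`) and English-locale keytool output; the function names, the aliases and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU date (date -d) and
# keytool output in an English locale, as in the sample output above.

# expiring_certs DAYS [NOW_EPOCH]
# Reads `keytool -list -v` text on stdin; prints "alias<TAB>expiry date"
# for every certificate that expires before NOW + DAYS.
expiring_certs() {
    days=$1
    now=${2:-$(date +%s)}
    limit=$((now + days * 86400))
    awk '
        /^Alias name: /          { alias = substr($0, 13) }
        /Valid from: .* until: / { sub(/^.* until: /, ""); print alias "\t" $0 }
    ' | while IFS="$(printf '\t')" read -r name expiry; do
        # Convert the "until" date to epoch seconds; skip unparsable dates.
        if ! end=$(date -d "$expiry" +%s 2>/dev/null); then
            echo "cannot parse date for $name: $expiry" >&2
            continue
        fi
        if [ "$end" -lt "$limit" ]; then
            printf '%s\t%s\n' "$name" "$expiry"
        fi
    done
}

# Constructed sample in the format keytool prints (aliases are made up).
sample_listing() {
    cat <<'EOF'
Alias name: webserver
Creation date: Sep 15, 2012
Entry type: trustedCertEntry

Valid from: Sat Sep 15 00:00:00 GMT 2012 until: Sun Sep 15 23:59:59 GMT 2013

Alias name: verisign-g5
Entry type: trustedCertEntry

Valid from: Wed Nov 08 00:00:00 GMT 2006 until: Wed Jul 16 23:59:59 GMT 2036
EOF
}

# Demo with "now" pinned to 2013-09-01 00:00:00 UTC so the result is stable.
sample_listing | expiring_certs 30 1377993600

# Real use: keytool -list -v -keystore cas_truststore.jks | expiring_certs 30
```

Entries with a certificate chain print one line per certificate in the chain, all under the same alias.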