...
4. If there's one certificate, skip to step 6. If there are multiple certificates (i.e., a certificate chain), split them apart into separate files named `host.domain.tld_part-a...z`, where `host.domain.tld` = the FQDN of the server you connected to. The commands below, run in a PowerShell (PS) prompt, will do this for you automatically:
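```powershell
# Read the full chain as a single string so the regex can match across lines
$allcerts = Get-Content "$env:UserProfile\Downloads\host.domain.tld_full-chain.pem" -Encoding UTF8 -Raw
$i = 0
# Each match is one complete BEGIN/END CERTIFICATE block, in file order
[regex]::Matches($allcerts, '(-{5}BEGIN CERTIFICATE-{5}[\s\S]*?-{5}END CERTIFICATE-{5})') | ForEach-Object {
    $i++
    # Writes host.domain.tld_part-1.pem, host.domain.tld_part-2.pem, ...
    # ASCII output: Windows PowerShell's default for Out-File is UTF-16, which keytool cannot parse
    $_.Value | Out-File "$env:UserProfile\Downloads\host.domain.tld_part-$i.pem" -Encoding ascii
}
```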
5. Use Java `keytool` to inspect each cert you split, where `host.domain.tld` = the FQDN of the server you connected to and `n` = `a...z`. The certificates should be ordered from most specific (i.e., the server cert) to the issuing root CA's (self-signed) certificate:
...
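One way to confirm the ordering described in step 5 from the same PowerShell prompt, added here as an example that is not part of the original page. It assumes the `host.domain.tld_part-*.pem` files from step 4 are in the Downloads folder, and it compares issuer and subject names only; it does not verify signatures.

```powershell
# Added example, not from the original page. Assumes the split files from step 4
# (host.domain.tld_part-<suffix>.pem, host.domain.tld being the page's placeholder)
# are in the Downloads folder.
$dir   = Join-Path $env:UserProfile 'Downloads'
$parts = Get-ChildItem -Path $dir -Filter 'host.domain.tld_part-*.pem' |
    Sort-Object { ($_.BaseName -replace '^.*_part-', '').PadLeft(4, '0') }

# Load each part: strip the PEM armor and decode the Base64 body to DER bytes.
$certs = @(foreach ($p in $parts) {
    $pem = Get-Content -Path $p.FullName -Raw
    $b64 = $pem -replace '-{5}(BEGIN|END) CERTIFICATE-{5}', '' -replace '\s', ''
    $der = [Convert]::FromBase64String($b64)
    [pscustomobject]@{
        File = $p.Name
        Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    }
})

# Walk the chain: each certificate's issuer should be the subject of the next
# file, and the last file should be self-signed (issuer equals its own subject).
$report = for ($k = 0; $k -lt $certs.Count; $k++) {
    $c = $certs[$k].Cert
    if ($k -lt ($certs.Count - 1)) {
        $expectedIssuer = $certs[$k + 1].Cert.Subject
    } else {
        $expectedIssuer = $c.Subject
    }
    [pscustomobject]@{
        File     = $certs[$k].File
        Subject  = $c.Subject
        Issuer   = $c.Issuer
        NotAfter = $c.NotAfter
        Order    = if ($c.Issuer -eq $expectedIssuer) { 'OK' } else { 'CHECK' }
    }
}
$report | Format-List
```

A `CHECK` on the last file means that certificate is not self-signed, which is what you see when the server did not send its root CA certificate.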