On 1/18/2011 9:40 AM, Weijun Wang wrote:
> You mean a tree of the whole keystore, but not chain for each entry. Right?
>
Right.

Andrew

> Max
>
> On 01/18/2011 09:26 AM, Xuelei Fan wrote:
>> I would like to see an option to display the intuitive tree. For example:
>> $ keytool -list -tree -keystore ...
>> + root CA alias
>> + intermediate CA alias
>> + entity cert 1 alias
>> + entity cert 2 alias
>>
>> Andrew
>>
>> On 1/17/2011 4:59 PM, Weijun Wang wrote:
>>> Hi All
>>>
>>> I have a keystore with a bunch of testing root CA, intermediate CA and
>>> entity certs, some PrivateKeyEntry and some TrustedCertEntry, and it's
>>> quite difficult to know who signs who. Therefore I suggest some
>>> enhancement for the simple "keytool -list". (by simple, I mean no "-v").
>>>
>>> The entry will look like:
>>>
>>> user, Sep 6, 2007, PrivateKeyEntry, user - signer - rootca(self)
>>>
>>> Here, "user - signer - bigca(self)" means the entry's cert chain has 3
>>> certs, which matches aliases user, signer, and rootca in the same
>>> keystore, and rootca is a self-signed cert.
>>>
>>> When a cert is not inside this keystore, its distinguished name can be
>>> printed, like this:
>>>
>>> user, Sep 6, 2007, PrivateKeyEntry, user - signer - "CN=Root
>>> CA"(self)
>>>
>>> Also, if the last cert is not self-signed, its signer can also be added
>>> after "--", like this:
>>>
>>> user, Sep 6, 2007, PrivateKeyEntry,
>>> user - signer -- "CN=Another CA"(self)
>>>
>>> Do you find this useful?
>>>
>>> Thanks
>>> Max
>>>
>>>
>>
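
The one-line chain format proposed in the first message of this thread, as an added example that is not part of the thread and is not keytool code. The class name `ListChains`, the X.509-only assumption, and the fallback of printing the issuer DN when no signer is stored are assumptions of this sketch; signers are matched by verifying the signature, not by comparing names.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Collections;

// Added illustration, not keytool source. Assumes X.509 certificates only.
// Usage (Java 11+): java ListChains.java <keystore-file> <store-password>
public class ListChains {
    // Alias when this exact certificate is stored in the keystore, else its quoted DN.
    static String name(KeyStore ks, X509Certificate c) throws Exception {
        String alias = ks.getCertificateAlias(c);
        return alias != null ? alias : "\"" + c.getSubjectX500Principal().getName() + "\"";
    }

    // True if signer's key verifies the signature on c (a name match alone is not trusted).
    static boolean signedBy(X509Certificate c, X509Certificate signer) {
        try { c.verify(signer.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    // End of a chain: "(self)", " -- signer", or the issuer DN if no signer is stored.
    static String tail(KeyStore ks, X509Certificate last) throws Exception {
        if (signedBy(last, last)) return "(self)";
        for (String a : Collections.list(ks.aliases())) {
            Certificate cand = ks.getCertificate(a);
            if (cand instanceof X509Certificate && signedBy(last, (X509Certificate) cand)) {
                X509Certificate s = (X509Certificate) cand;
                return " -- " + name(ks, s) + (signedBy(s, s) ? "(self)" : "");
            }
        }
        return " -- \"" + last.getIssuerX500Principal().getName() + "\"";
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        SimpleDateFormat fmt = new SimpleDateFormat("MMM d, yyyy");
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);   // null for TrustedCertEntry
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            if (chain[0] == null) continue;                        // e.g. a SecretKeyEntry
            StringBuilder sb = new StringBuilder();
            for (Certificate c : chain)
                sb.append(sb.length() > 0 ? " - " : "").append(name(ks, (X509Certificate) c));
            sb.append(tail(ks, (X509Certificate) chain[chain.length - 1]));
            String type = ks.isCertificateEntry(alias) ? "TrustedCertEntry" : "PrivateKeyEntry";
            System.out.println(alias + ", " + fmt.format(ks.getCreationDate(alias)) + ", "
                    + type + ", " + sb);
        }
    }
}
```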
