Sure. How many info do you want to see? I can prepend `keytool -printcert` but that's too much. At least I think the extensions part is not needed. Also, I don't wish people reading the fingerprint inside as genuine and does not calculate it from the cert itself.
So, I'm thinking of Owner: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Serial number: 50946cec18ead59c4dd597ef758fa0ad Valid from: 1 Nov 2004 17:14:04 GMT until: 1 Jan 2035 05:37:19 GMT Signature algorithm name: SHA1withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 3 Is that OK? Thanks, Max p.s. `keytool -printcert` shows validity in local timezone. Does not look good to me. > On May 31, 2019, at 6:51 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > One suggestion is to put a printable form of the contents of the certificate > at the top of each of the PEM files. It would be nice as a quick-look to see > what is in the certificate. Of course, you can also use keytool -printcert to > do that, but if I am just perusing the source code via a browser or something > like that, it would be nice to not have to do that. > > --Sean > > On 5/30/19 9:01 AM, Weijun Wang wrote: >> Please take a review at >> http://cr.openjdk.java.net/~weijun/8193255/webrev.00/ >> Please pay attention to the 1st 3 and the last 2 files. Others are PEM files >> for all certs inside the original cacerts. >> There is one thing I cannot get correct. If I update the >> GenerateCacerts.java file and rerun make, the cacerts file is unchanged. I >> thought the following line >> $(GENDATA_CACERTS): $(BUILD_TOOLS) $(GENDATA_CACERTS_SRC) >> means when when the tool is changed, GENDATA_CACERTS will be called. >> Thanks, >> Max
