Hello The topic of getting the certificate chain of a server comes up repeatably, see for example [1]. While not difficult it's still quite a bit of code to implement. The JDK also has need for this in keystool and the code is implemented as a CertStoreSpi in sun.security.provider.certpath.ssl.SSLServerCertStore. Unfortunately the class is not registered by a security provider like JdkLDAP. Keytool calls the class directly, even creates as sublclass of CertStore.
Is there any reason SSLServerCertStore is not registered? I would be willing to work on a patch with some guidance. [1] https://stackoverflow.com/questions/19297446/extract-server-certificates Regards Philippe
