Query vIDM keystore for trusted certificates.

Article ID: 378954

Products

VMware Aria Suite

Issue/Introduction

This article provides a command-line method to query and identify the trusted certificates in the VMware Identity Manager (vIDM) keystore.

Environment

VMware Identity Manager 3.3.x

Resolution

Note:

  • The default location of vIDM's keystore is: /usr/local/horizon/conf/idm-cacerts
  • The location for the keystore password is: /usr/local/horizon/conf/cakeystore.pass.
  • It is suggested not to tamper with the contents of these files directly.

Steps to identify certificates in vIDM's trusted keystore:

  1. SSH into the vIDM appliance.
  2. Run the following command to list all details of all certificates stored in the vIDM keystore:
    • /usr/java/jre-vmware/bin/keytool -list -v -keystore /usr/local/horizon/conf/idm-cacerts -storepass "$(cat /usr/local/horizon/conf/cakeystore.pass)" -storetype JKS

    • Additionally, if you only need the owner and serial number of each certificate, to uniquely identify your certificates:
      • /usr/java/jre-vmware/bin/keytool -list -v -keystore /usr/local/horizon/conf/idm-cacerts -storepass "$(cat /usr/local/horizon/conf/cakeystore.pass)" -storetype JKS | grep -E 'Owner:|Serial number:'
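
The grep filter above prints Owner and Serial number lines without the alias each belongs to. The following is an added example, not part of the original article: a shell function that keeps each entry's alias, serial number, owner and expiry on one line and marks self-signed entries. The function names and the sample listing are constructed for illustration, and it assumes keytool's English field labels.

```shell
#!/bin/sh
# Added example: one tab-separated line per keystore entry from `keytool -list -v`:
# alias, serial, self-signed|issued|no-cert, owner, valid-until. Names are hypothetical.

summarize_keystore_listing() {
    awk '
        function emit(kind) {
            kind = (owner == "") ? "no-cert" : (owner == issuer ? "self-signed" : "issued")
            if (alias != "") printf "%s\t%s\t%s\t%s\t%s\n", alias, serial, kind, owner, expiry
            alias = owner = issuer = serial = expiry = ""
        }
        # A new "Alias name:" line starts the next entry, so flush the previous one.
        /^Alias name: /    { emit(); alias = substr($0, 13) }
        # Keep only the first certificate of an entry (the leaf, if a chain is listed).
        /^Owner: /         { if (owner == "")  owner  = substr($0, 8) }
        /^Issuer: /        { if (issuer == "") issuer = substr($0, 9) }
        /^Serial number: / { if (serial == "") serial = substr($0, 16) }
        /^Valid from: /    { if (expiry == "") { expiry = $0; sub(/^.* until: /, "", expiry) } }
        END { emit() }
    '
}

# Constructed sample input in the layout keytool prints; not taken from a real keystore.
sample_listing() {
    cat <<'EOF'
Your keystore contains 2 entries

Alias name: example-root
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
Serial number: 1a2b3c
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Sun Jan 01 00:00:00 UTC 2034
*******************************************
Alias name: example-issuing
Entry type: trustedCertEntry

Owner: CN=Example Issuing CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
Serial number: 4d5e6f
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Fri Jan 01 00:00:00 UTC 2027
EOF
}

# On the appliance, pipe the keytool command from step 2 into the function instead.
sample_listing | summarize_keystore_listing
```

The function only reads the listing, so it does not touch the keystore or its password file.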

 

Additional Information

Do not use keytool directly to modify the keystore unless recommended by the vIDM Product Team or GS Team.

To import certificates into the vIDM trust store, use the https://vidm_fqdn:8443/cfg page.
Refer to a procedure similar to:
Installing Trusted Root Certificates