How to query and retrieve server SSL certificate using Java Keytool

Article ID: 397174

Updated On: 05-12-2025

Products

Data Loss Prevention Core Package

Issue/Introduction

How to query and retrieve an SSL certificate using Java Keytool.

These steps query and save the secure LDAP certificate of an AD server so that it can be imported into the Java "cacerts" keystore on the Enforce server.

Resolution

Steps to Query and Save an SSL Certificate from an Active Directory (AD) Server

1. Open an administrative command prompt.

2. Navigate to the JRE bin folder containing the keytool.exe utility.

3. Execute the following command to save the certificate in PEM format:

     keytool.exe -printcert -sslserver ServerAddress:port -rfc > SSLCert.pem

4. This command will generate a file named SSLCert.pem in the current directory.

    The SSLCert.pem file can then be imported into any Java keystore using the standard Keytool import command:

    keytool.exe -importcert -keystore ..\lib\security\cacerts -alias AD_Certificate -file SSLCert.pem

    This method serves as an alternative to using the OpenSSL utility.
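
The same procedure with a fingerprint check before the import, as an added example that is not part of the original article. It assumes PowerShell rather than the command prompt, run from the JRE bin folder; `$ExpectedSha256` is a placeholder for a fingerprint obtained out of band from whoever manages the AD server certificate, and the `AD_Certificate.pem` file name is hypothetical.

```powershell
# Added example. Placeholders: $Server (as in the article) and $ExpectedSha256.
$Server         = 'ServerAddress:port'
$ExpectedSha256 = '<SHA-256 fingerprint from the AD/PKI administrator, AA:BB:...>'
$PemFile        = 'SSLCert.pem'

# Windows PowerShell's ">" writes UTF-16, which keytool cannot parse as PEM,
# so write the output as ASCII explicitly.
.\keytool.exe -printcert -sslserver $Server -rfc | Out-File -Encoding ascii $PemFile
if ($LASTEXITCODE -ne 0) { throw "keytool could not retrieve a certificate from $Server" }

# The file can contain every certificate the server presented, so split it
# into individual PEM blocks and inspect each one.
$pem    = Get-Content -Raw $PemFile
$blocks = [regex]::Matches($pem,
    '-----BEGIN CERTIFICATE-----(?<b64>[\s\S]*?)-----END CERTIFICATE-----')
if ($blocks.Count -eq 0) { throw "No PEM certificate found in $PemFile" }

$sha256  = [System.Security.Cryptography.SHA256]::Create()
$trusted = $null
foreach ($m in $blocks) {
    $der  = [Convert]::FromBase64String(($m.Groups['b64'].Value -replace '\s', ''))
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    # Same colon-separated form that keytool prints for SHA256 fingerprints.
    $fp   = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'
    '{0} | issuer {1} | expires {2:yyyy-MM-dd} | SHA256 {3}' -f `
        $cert.Subject, $cert.Issuer, $cert.NotAfter, $fp
    if ($fp -eq $ExpectedSha256) { $trusted = $m.Value }
}

# Import only the certificate whose fingerprint was confirmed out of band.
if (-not $trusted) { throw 'No certificate matched the expected fingerprint; nothing imported.' }
Set-Content -Encoding ascii -Path 'AD_Certificate.pem' -Value $trusted
.\keytool.exe -importcert -keystore ..\lib\security\cacerts -alias AD_Certificate -file AD_Certificate.pem

# Confirm the entry and its fingerprint in the keystore.
.\keytool.exe -list -keystore ..\lib\security\cacerts -alias AD_Certificate
```

keytool prompts for the keystore password and asks for confirmation before it adds the certificate as trusted.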