How to query and retrieve SSL certificate using Java Keytool
These steps query and save the secure LDAP certificate of an AD server so that it can be imported into the Java "cacerts" keystore on the Enforce server.
Steps to Query and Save an SSL Certificate from an Active Directory (AD) Server
1. Open an administrative command prompt.
2. Navigate to the JRE bin folder containing the keytool.exe utility.
3. Execute the following command to save the certificate in PEM format:
keytool.exe -printcert -sslserver ServerAddress:port -rfc > SSLCert.pem
4. This command will generate a file named SSLCert.pem in the current directory.
The SSLCert.pem file can then be imported into any Java keystore using the standard Keytool import command:
keytool.exe -importcert -keystore ..\lib\security\cacerts -alias AD_Certificate -file SSLCert.pem
This method serves as an alternative to using the OpenSSL utility.
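The same retrieve-and-import procedure with a fingerprint check before the import, as an added PowerShell example that is not part of the original article. The -sslserver option saves whatever the answering server presents, so the script compares the SHA-256 fingerprint with a value obtained separately; $Expected and SSLCert.verified.pem are placeholders introduced here, and only the first certificate in the file (the server's own) is checked and imported.

```powershell
# Added example. Run from the JRE bin folder; replace the placeholders first.
$Server   = 'ServerAddress:port'                               # placeholder from the article
$Expected = '<SHA-256 fingerprint from the AD administrator>'  # placeholder, obtained out-of-band
$Keystore = '..\lib\security\cacerts'
$Alias    = 'AD_Certificate'
$PemFile  = 'SSLCert.pem'
$Verified = 'SSLCert.verified.pem'                             # hypothetical file name

# Retrieve what the server presents. Out-File -Encoding ascii is used because
# the '>' operator in Windows PowerShell 5.1 writes UTF-16, which keytool
# does not read as PEM.
& .\keytool.exe -printcert -sslserver $Server -rfc | Out-File -Encoding ascii $PemFile
if ($LASTEXITCODE -ne 0) { throw "keytool could not read a certificate from $Server" }

# Take the first PEM block (a TLS server sends its own certificate first).
$pem   = Get-Content -Raw $PemFile
$match = [regex]::Match($pem,
    '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----', 'Singleline')
if (-not $match.Success) { throw "No certificate found in $PemFile" }

# SHA-256 over the DER bytes, as uppercase hex without separators.
$der = [Convert]::FromBase64String(($match.Groups[1].Value -replace '\s', ''))
$sha = [System.Security.Cryptography.SHA256]::Create()
try     { $actual = [BitConverter]::ToString($sha.ComputeHash($der)) -replace '-', '' }
finally { $sha.Dispose() }

# Normalise the expected value (colons or spaces are accepted) and compare.
$wanted = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch: server presented $actual. Nothing was imported."
}

# Import exactly the certificate that was verified, then list the new entry.
Set-Content -Path $Verified -Value $match.Value -Encoding ascii
& .\keytool.exe -importcert -keystore $Keystore -alias $Alias -file $Verified
& .\keytool.exe -list -keystore $Keystore -alias $Alias
```

keytool still prompts for the keystore password and for confirmation of trust; the final -list output shows the fingerprint now stored under the alias.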