Can someone please help me with the following, I googled before hand but did not find a blog outlining what I wanted to do, thanks in advance.
I have and internal test PKI (based on AD CS). I have imported the Root CA certificate and the Issuing CA Certificate (minus their private keys) into the CACerts java key store (keying the GUI tool "KeyStore Explorer 5.5.1"
I have a leaf (end-entity certificate) 'outside of the Java keystore' as I want to simulate a situation where the client would obtain (be given) the leaf certificate via a WEB browser (for example when opening a TLS connection to a WEB server).
The leaf certificate is stored in a .pem flat file on the same computer where it was create (using Windows default method so private key for the cert is in the Windows keyStore). The computer also contains the Java KeyStore CACerts (where I imported the CA certs as above) and the Java JDK (so Keytool.exe for example)
So what I need to do (ideally using Keytool or a pre-made script suitable for Windows) is point to the leaf .pem certificate and say go check the certificate chain of this leaf certificate but using the CA certs held in CACerts keystore
Can someone kindly tell me how to do this as the only examples I have seen this far are about checking the chain for certs already in the CACerts keystore. Whereas I want to check the chain of a .pem flat file against the CA certs held in the CACerts java keystore
Thanks everyone
CXMelga
