# keytool -importcert -keystore /usr/local/openjdk-8/lib/security/cacerts.jks -storepass changeit -alias graylog-self-signed -file /etc/ssl/certs/onsrbh-serv-netcoole-DU09.tlabs.ca.pem
Owner: CN=onsrbh-serv-netcoole-DU09.tlabs.ca, OU=World Class Assurance Team, O=TELUS, L=Toronto, ST=Ontario, C=CA
Issuer: CN=TCSO-issuing-CA, DC=corp, DC=ads
Serial number: 2d00013c40af2bedbaa63d9342000000013c40
Valid from: Thu Apr 07 14:55:59 UTC 2022 until: Fri Apr 05 09:00:00 UTC 2024
Certificate fingerprints:
SHA1: 96:A8:48:B6:E5:9E:31:E1:04:30:63:F6:A6:9D:46:E5:A4:8F:AF:66
SHA256: D1:48:0B:B9:C3:29:A3:7B:39:7B:A8:A1:28:B9:BF:71:83:83:FA:0F:1D:6F:53:3D:62:C1:10:45:8F:C5:6E:53
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
0000: 30 18 30 0A 06 08 2B 06 01 05 05 07 03 02 30 0A 0.0...+.......0.
0010: 06 08 2B 06 01 05 05 07 03 01 ..+.......
#2: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
0000: 30 2D 06 25 2B 06 01 04 01 82 37 15 08 81 B4 BB 0-.%+.....7.....
0010: 4F 81 D6 DF 7D 87 CD 87 35 81 8A FC 52 85 C2 FA O.......5...R...
0020: 2B 22 9E FA 3C 86 F2 8D 13 02 01 64 02 01 19 +"..<......d...
#3: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=TCSO-issuing-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=corp,DC=ads?cACertificate?base?objectClass=certificationAuthority
,
accessMethod: caIssuers
accessLocation: URIName: http://btwp013980/cdp/btwp013979.corp.ads_TCSO-issuing-CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: http://btwp013983/cdp/btwp013979.corp.ads_TCSO-issuing-CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: http://wp81174/cdp/btwp013979.corp.ads_TCSO-issuing-CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: http://wp81175/cdp/btwp013979.corp.ads_TCSO-issuing-CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: http://tcsocdp.tsl.telus.com/CertEnroll/btwp013979.corp.ads_TCSO-issuing-CA.crt
,
accessMethod: ocsp
accessLocation: URIName: http://tcsocdp.tsl.telus.com/ocsp
]
]
#4: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AB 49 AF B3 5D A1 42 D3 4A E4 7D 7D B4 93 D9 7B .I..].B.J.......
0010: C3 2B ED EF .+..
]
]
#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=TCSO-issuing-CA,CN=btwp013979,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=corp,DC=ads?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://tcsocdp.tsl.telus.com/CertEnroll/TCSO-issuing-CA.crl, URIName: http://btwp013980/cdp/TCSO-issuing-CA.crl, URIName: http://btwp013983/cdp/TCSO-issuing-CA.crl, URIName: http://wp81174/cdp/TCSO-issuing-CA.crl, URIName: http://wp81175/cdp/TCSO-issuing-CA.crl]
]]
#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#7: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
#8: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: onsrbh-serv-netcoole-DU09.tlabs.ca
DNSName: onsrbh-serv-netcoole-DU09
IPAddress: 172.18.102.20
IPAddress: 172.18.72.210
]
#9: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CD B5 8A 68 08 78 DC 8B AF 13 F3 05 CE 60 18 83 ...h.x.......`..
0010: 68 68 33 C8 hh3.
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
# keytool -keystore /usr/local/openjdk-8/lib/security/cacerts.jks -storepass changeit -list | grep graylog-self-signed -A1
graylog-self-signed, Apr 14, 2022, trustedCertEntry,
**Certificate fingerprint (SHA-256): D1:48:0B:B9:C3:29:A3:7B:39:7B:A8:A1:28:B9:BF:71:83:83:FA:0F:1D:6F:53:3D:62:C1:10:45:8F:C5:6E:53**
#
When I import the self-signed certificate, I can see both the SHA1 and SHA256 certificate fingerprints. When listing the keystore, the certificate fingerprint shown matches the SHA256 one, but according to the Graylog documentation it should match the SHA1 one. Is this expected behavior, or do I have to change the certificate format?