Converting a Certificate Store into Human-Readable Form

To view details of the certificates that comprise the certificate store, it is necessary to convert the certificate store files in binary form to human-readable form.

The following examples show how to use certapp to convert a certificate store into human-readable form:

  • This example converts a file certificate store (cacerts.dat) into human-readable form (cacerts.txt). The input files are cacerts.dat and cerclients.dat, which maps the application UIDs in the certificates to application description strings.

    > certapp --bcertclients=certclients.dat --bfilecertstore=cacerts.dat --out --hcertclients=certclients.txt --hfilecertstore=cacerts.txt

  • The following example shows how to convert the SWI certificate store file into human-readable form for a device which also has a writable data file (writable.dat) installed.

    > certapp --bcertclients=certclients.dat --bswicertstore=swicertstore.dat --bswicertstore=writable.dat --out --hcertclients=certclients.txt --hswicertstore=swicertstore.txt

    Specify the SWI certificate store files in ascending priority order, that is, specify the base SWI certificate store file first and then the writable SWI certificate store file. The tool automatically processes the writable SWI certificate store file before the base SWI certificate store file.

Notes:

  • Along with the certificate store file, separate files are also created for the certificates of the store. The certificate file types depend on the output file type. For example, if the output file is certclients.txt, x509 certificates are dumped in files with names like certclients_certN.der, where N is the entry number. If you specify the --pemout command-line option, then the extension of the certificate file is .pem. If the certificate type is not EX509Certificate, then the extension is .dat.

  • For details of the formats followed by the various certificate store files, see Certificate Store Human-Readable File Formats.

Related information