"trust dump" - Dump Information from Linux Trust Store

This section provides tutorial examples on dumping certificate information from Linux Trust Store using the 'trust dump' command.

If you want to see more detailed information about a specific certificate in the Linux Trust Store, you can use the "trust dump" command as shown below:

 
herong$ trust dump \
  --filter="pkcs11:id=%03%DE%50%35%56%D1%4C%BB%66%F0%A3%E2%1B%1B%C3%97%B2%3D%D1%55;type=cert"

# pkcs11:id=%03%DE%50%35%56%D1%4C%BB%66%F0%A3%E2%1B%1B%C3%97%B2%3D%D1%55;type=cert
[p11-kit-object-v1]
private: false
label: "DigiCert Global Root CA"
issuer: "0a1%0B0%09%06%03U%04%06%13%02US1%150%13%06%03U%04%0A%13%0CDigiCert Inc... 
serial-number: "%02%10%08%3B%E0V%90BF%B1%A1uj%C9Y%91%C7J"
trusted: true
certificate-category: authority
java-midp-security-domain: 0
url: ""
hash-of-subject-public-key: "%D5.%13%C1%AB%E3I%DA%E8%B4%95%94%EF%7C8C%60df%BD"
hash-of-issuer-public-key: ""
check-value: "%A8%98%5D"
subject: "0a1%0B0%09%06%03U%04%06%13%02US1%150%13%06%03U%04%0A%13%0CDigiCert Inc...
id: "%03%DEP5V%D1L%BBf%F0%A3%E2%1B%1B%C3%97%B2%3D%D1U"
start-date: "20061110"
end-date: "20311110"
modifiable: false
nss-mozilla-ca-policy: true
x-distrusted: false
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...

herong$ trust dump \
  --filter="pkcs11:id=%88%68%BF%E0%8E%35%C4%3B%38%6B%62%F7%28%3B%84%81%C8%0C%D7%4D;type=cert" 

# pkcs11:id=%88%68%BF%E0%8E%35%C4%3B%38%6B%62%F7%28%3B%84%81%C8%0C%D7%4D;type=cert
[p11-kit-object-v1]
private: false
label: "Explicitly Distrust DigiNotar Root CA"
issuer: "0_1%0B0%09%06%03U%04%06%13%02NL1%120%10%06%03U%04%0A%13%09DigiNotar1%1A0%1...
A1 0%1E%06%09%2A%86H%86%F7%0D%01%09%01%16%11info%40diginotar.nl"
serial-number: "%02%10%0F%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF%FF"
trusted: false
certificate-category: authority
java-midp-security-domain: 0
url: ""
hash-of-subject-public-key: "A%0F662X%F3%0B4%7D%12%CEHc%E43Cx%06%A8"
hash-of-issuer-public-key: ""
check-value: "%C1w%CB"
subject: "0_1%0B0%09%06%03U%04%06%13%02NL1%120%10%06%03U%04%0A%13%09DigiNotar1%1A0%...
CA1 0%1E%06%09%2A%86H%86%F7%0D%01%09%01%16%11info%40diginotar.nl"
id: "%88h%BF%E0%8E5%C4%3B8kb%F7%28%3B%84%81%C8%0C%D7M"
start-date: "20070727"
end-date: "20250331"
modifiable: false
nss-mozilla-ca-policy: true
x-distrusted: true
-----BEGIN CERTIFICATE-----
MIIFijCCA3KgAwIBAgIQD////////////////////zANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
...

Note how trust information is included in the output:

trusted: true | false 
x-distrusted: false | true
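
The following Python code is an added example, not part of the original tutorial. It parses text in the dump format shown above, reports each object's trust state from the "trusted" and "x-distrusted" fields, and rebuilds the --filter URI from the "id" field. The sample input is constructed by abridging the two dumps above, and the function names and state labels are this example's own.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: the two dumps above, abridged (PEM body is a placeholder).
SAMPLE_DUMP = """\
[p11-kit-object-v1]
label: "DigiCert Global Root CA"
trusted: true
id: "%03%DEP5V%D1L%BBf%F0%A3%E2%1B%1B%C3%97%B2%3D%D1U"
x-distrusted: false
-----BEGIN CERTIFICATE-----
(placeholder, PEM body omitted)
-----END CERTIFICATE-----

[p11-kit-object-v1]
label: "Explicitly Distrust DigiNotar Root CA"
trusted: false
id: "%88h%BF%E0%8E5%C4%3B8kb%F7%28%3B%84%81%C8%0C%D7M"
x-distrusted: true
"""

FIELD = re.compile(r'^([a-z][a-z0-9-]*): (.*)$')

def parse_dump(text):
    """Return one dict of fields per [p11-kit-object-v1] block."""
    objects = []
    for line in text.splitlines():
        if line.strip() == "[p11-kit-object-v1]":
            objects.append({})
        elif objects and (m := FIELD.match(line)):
            # Comment lines, PEM lines and wrapped text do not match FIELD.
            objects[-1][m.group(1)] = m.group(2).strip().strip('"')
    return objects

def trust_state(obj):
    """Letting x-distrusted override trusted is this example's conservative choice."""
    if obj.get("x-distrusted") == "true":
        return "distrusted"
    return "trusted" if obj.get("trusted") == "true" else "neither"

def filter_uri(obj):
    """The id field leaves printable bytes unescaped; the filter escapes them all."""
    raw = unquote_to_bytes(obj.get("id", ""))
    return "pkcs11:id=" + "".join(f"%{b:02X}" for b in raw) + ";type=cert"

def audit(text):
    return [(o.get("label"), trust_state(o), filter_uri(o)) for o in parse_dump(text)]

if __name__ == "__main__":
    print(*audit(SAMPLE_DUMP), sep="\n")
```

The rebuilt URIs match the --filter values used in the two commands above, which shows that the "id" field and the filter carry the same bytes in different percent-encodings.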
