To view details of the certificates that comprise the certificate store, it is necessary to convert the certificate store files in binary form to human-readable form.
The following examples show how to use certapp to convert a certificate store into human-readable form:
This example converts a file certificate store (cacerts.dat)
into human-readable form (cacerts.txt). The input files are cacerts.dat and cerclients.dat,
which maps the application UIDs in the certificates to application description
strings.
> certapp --bcertclients=certclients.dat --bfilecertstore=cacerts.dat
--out --hcertclients=certclients.txt --hfilecertstore=cacerts.txt
The following example shows how to convert the SWI certificate store
file into human-readable form for a device which also has a writable data
file (writable.dat) installed.
> certapp
--bcertclients=certclients.dat --bswicertstore=swicertstore.dat --bswicertstore=writable.dat
--out --hcertclients=certclients.txt --hswicertstore=swicertstore.txt
Specify the SWI certificate store files in ascending priority order, that is, specify the base SWI certificate store file first and then the writable SWI certificate store file. The tool automatically processes the writable SWI certificate store file before the base SWI certificate store file.
Notes:
Along with the certificate store file, separate files are also created
for the certificates of the store. The certificate file types depend on the
output file type. For example, if the output file is certclients.txt,
x509 certificates are dumped in files with names like certclients_certN.der,
where N is the entry number. If you specify the --pemout command-line
option, then the extension of the certificate file is .pem.
If the certificate type is not EX509Certificate, then the
extension is .dat.
For details of the formats followed by the various certificate store files, see Certificate Store Human-Readable File Formats.