The Java JDK has an inbuilt tool(i.e. keytool) for checking the content of the JVM keystore. We can execute the following command.
/opt/jfrog/artifactory/app/third-party/java/bin/keytool -v -list -keystore /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts -storepass changeit
What is the best way to download the SSL/TLS certificate?
We can use the built-in OpenSSL tool available in the Linux operating system to download the certificate from the remote registry URLs. Here is the sample command for the reference.
openssl s_client -connect <secure authentication server IP and port> -showcerts < /dev/null > server.crt
You may refer to the following example commands.
RedHat CDN:
openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null > redhat-server.crt
LDAP or Active Directory:
openssl s_client -connect the.ldap.server.net:636 -showcerts < /dev/null > ldap-server.crt
OAuth (Use the Authorization URL). For example, with GitHub:
openssl s_client -connect github.com:443 -showcerts < /dev/null > github-server.crt