Listing the contents of the RSA Authentication Manager Java KeyStore (JKS) files
Originally Published: 2018-10-30
Article Number
000063505
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2.0 or later
Platform: Linux
 
Issue
For troubleshooting certificate issues with an Authentication Manager deployment.
Resolution

This knowledge article provides a Linux shell script which can be executed on any Authentication Manager instance in a deployment to list the contents of the Java KeyStore (JKS) files found in /opt/rsa/am/server/security.

The shell script must be executed with root privileges and requires an Operations Console administrator username and password. Note that option 1 of the script prints the keystore passwords to the terminal and option 2 writes its report to /tmp, which is readable by every local account by default; treat both as sensitive, and remove the report and the script from /tmp once troubleshooting is complete.

Installation

  1. Download and copy the attached AMJKSlist.sh shell script into /tmp on the Authentication Manager instance in the deployment. Review the article on how to enable Secure Shell on the Appliance, if needed. Where SSH has been enabled, a secure FTP client, such as WinSCP can be used to copy the shell script into /tmp.
  2. Change the permissions of the AMJKSlist.sh shell script so it can be executed at the command line:
chmod 755 /tmp/AMJKSlist.sh

Usage

  1. Log on to the Authentication Manager instance with the rsaadmin account, either in an SSH session or at the local console.
    Note that during Quick Setup a username other than rsaadmin may have been selected. Use that username to log in.
  2. Switch from the rsaadmin account to root using the command:
sudo su -
Note that if you run the script as rsaadmin without switching to root, the following message appears and the script exits:
You must be the root user to use this program; exiting...
  3. Navigate to /tmp:
cd /tmp
  4. The shell script can be executed in one of two ways, as Operations Console administrator credentials are required. Either pass the credentials as arguments:
cd /tmp
./AMJKSlist.sh <Operations Console administrator name> <Operations Console administrator password>
Checking OC credentails.. 
OC credentials validated... redirecting to menu..
or run the script without arguments and enter the credentials at the prompts:
cd /tmp
./AMJKSlist.sh 
Checking OC credentials....missing OC credentials!
Please enter OC Administrator username: <enter Operations Console administrator name> 
Please enter OC Administrator password: <enter Operations Console administrator password> 
 
OC credentials validated... redirecting to menu..
Note that a password passed as a command-line argument is recorded in the shell history and is visible to other local users in the process list while the script runs; the interactive prompt avoids both.
  5. The shell script menu then displays:
RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option


Display JKS Passwords

Option 1 displays the passwords required to open the Authentication Manager Java KeyStore files. These passwords protect the private keys of the deployment, so treat the output as sensitive and do not paste it into tickets or e-mail. For example:
RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
1
Obtaining the JKS passwords..

SSL Client Identity Certificate Keystore File Password : CghsVPZIqimVOh7VTnf3LYbyoZ156H
SSL Server Identity Certificate Keystore File Password : lfN25RuibhUMUPToxfwir2eyFy066e
Root Certificate Keystore File Password : hWjA09JSGwRAxhh3UGydXcdLJ63Iw1
SSL Trust Store File Password : PmUzMsNOBP7UGcLhuELpfMAyb9h2fU

done!

Press any key to continue...

Generate a Report - JKS Contents

Option 2 generates a report listing the contents of each Java KeyStore file (the listing is in the format produced by keytool -list -v). For example:
RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
2
Obtaining the JKS passwords..done!
Generating the report..
Listing contents of /opt/rsa/am/server/security/DemoIdentity.jks to file..
Listing contents of /opt/rsa/am/server/security/biztier-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/caStore.jks to file..
Listing contents of /opt/rsa/am/server/security/console-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/trust.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webtier-identity-webtier01.jks to file..
done!

Report filename : /tmp/AMJKS-report_201810301412.log

Press any key to continue...

Exit

Option 9 exits the program.  For example:
RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
9
Bye!

 

Example Report

RSA Customer Support (Asia Pacific) (1412-30102018)

Listing Authentication Manager Java KeyStore Contents

Authentication Manager JKS Filename : /opt/rsa/am/server/security/DemoIdentity.jks

Authentication Manager JKS Filename : /opt/rsa/am/server/security/biztier-identity.jks


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: server_identity_key_webserver
Creation date: Oct 24, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: SERIALNUMBER=19a5d1309aa75cf8691381cb6a280aa3ca2be80fa83787e205756d77716f9f2b, CN=app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 59238e1417ac4b9cfd2a7dd9193b9ece
Valid from: Tue Oct 23 13:46:47 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  88:47:12:51:EA:4C:11:73:68:C1:27:0F:6A:1D:12:6B
         SHA1: EE:6E:36:31:CB:F9:8E:D0:49:71:22:DF:2A:8A:16:71:06:4E:D6:83
         SHA256: 6F:2B:49:98:D9:EC:7F:AC:F2:B4:B0:7B:C9:66:A3:35:97:D6:42:37:42:EC:6B:93:A5:B0:1B:D6:28:50:14:E9
         Signature algorithm name: SHA256withRSA
         Version: 3
Certificate[2]:
Owner: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 4df353521ef573fd66bdc41bd67240c2
Valid from: Tue Oct 23 13:46:46 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  2B:D2:89:B6:C8:AF:6E:DE:AB:F3:68:F0:C6:68:11:79
         SHA1: E9:61:17:A2:E2:6A:D0:18:0D:2F:C2:6E:8E:C4:EF:56:F6:0A:40:47
         SHA256: 4D:E9:10:D3:D1:51:49:16:C0:36:D1:52:2F:D5:02:A6:8E:7D:9E:E9:60:AD:08:C8:21:0E:6E:64:E0:D8:B6:67
         Signature algorithm name: SHA256withRSA
         Version: 3


*******************************************
*******************************************

...
...
...
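The report above is plain keytool -list -v output, which makes it easy to post-process when the question is "which certificate in this deployment is about to expire?". The following script is an added example written for this article; it is not RSA's AMJKSlist.sh and does not read Operations Console credentials. It assumes (hypothetically) that keytool is on the PATH and accepts -storepass:env as Oracle/OpenJDK keytool does, and that the keystore passwords have already been obtained with option 1 of the script and saved as "keystore-filename:password" lines in a file readable only by root. The sample listing embedded at the bottom is constructed for the demo, not taken from a real appliance.

```shell
#!/bin/sh
# Added example, not RSA's AMJKSlist.sh. It reproduces the two steps a
# troubleshooter needs, with plain keytool and awk:
#   1. list a keystore with "keytool -list -v" (the format of the report above)
#   2. read such a listing and flag certificates that expire before a cutoff date
# Assumptions (not from the article): keytool is on PATH and accepts
# -storepass:env; the JKS passwords were obtained with option 1 of the script
# and saved in a file of "keystore-filename:password" lines (hypothetical).

SECURITY_DIR=${SECURITY_DIR:-/opt/rsa/am/server/security}

# list_jks FILE PASSWORD -> prints "keytool -list -v" output for one keystore.
# The password is handed over through an environment variable (-storepass:env)
# instead of the command line, so it is not visible in `ps` while keytool runs.
list_jks() {
    JKS_PASS="$2" keytool -list -v -storetype JKS -keystore "$1" -storepass:env JKS_PASS
}

# report_expiring CUTOFF  (reads a keytool listing on stdin)
# Prints "alias|certificate-index|until-date" for every certificate whose
# "until:" date is earlier than CUTOFF, given as YYYYMMDD. Dates are compared as
# YYYYMMDD integers, so the zone keytool prints (AEDT, UTC, ...) does not matter.
report_expiring() {
    awk -v cutoff="$1" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
            for (i = 1; i <= 12; i++) mon[names[i]] = i
        }
        /^Alias name:/ { alias = $0; sub(/^Alias name: */, "", alias); idx = 0 }
        /^Certificate\[[0-9]+\]:/ { idx++ }   # chain members of a PrivateKeyEntry
        /^Valid from:/ {
            # e.g. "Valid from: Tue Oct 23 13:46:47 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037"
            for (i = 1; i <= NF; i++) if ($i == "until:") u = i
            ymd = $(u + 6) * 10000 + mon[$(u + 2)] * 100 + $(u + 3)
            if (ymd < cutoff)
                printf "%s|%d|%s %s %s\n", alias, (idx ? idx : 1), $(u + 2), $(u + 3), $(u + 6)
        }'
}

# scan_keystores CUTOFF PASSFILE -> run both steps over every keystore in PASSFILE.
scan_keystores() {
    cutoff=$1
    while IFS=: read -r jks pass; do
        [ -n "$jks" ] || continue
        echo "== $SECURITY_DIR/$jks"
        list_jks "$SECURITY_DIR/$jks" "$pass" | report_expiring "$cutoff"
    done < "$2"
}

# Constructed sample listing (not from a real appliance) in the report's format:
# one PrivateKeyEntry with a two-certificate chain and one trustedCertEntry.
SAMPLE_LISTING=$(cat <<'EOF'
Alias name: server_identity_key_webserver
Creation date: Oct 24, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=am.example.test
Valid from: Tue Oct 23 13:46:47 AEDT 2018 until: Wed Oct 23 13:46:47 AEDT 2019
Certificate[2]:
Owner: CN=RSA root CA for am.example.test
Valid from: Tue Oct 23 13:46:46 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Alias name: old-partner-ca
Entry type: trustedCertEntry

Owner: CN=Old Partner CA
Valid from: Mon Jan 01 00:00:00 UTC 2018 until: Tue Dec 31 23:59:59 UTC 2019
EOF
)

# demo_expiring CUTOFF -> run the expiry check over the sample listing only.
demo_expiring() {
    printf '%s\n' "$SAMPLE_LISTING" | report_expiring "$1"
}

case "${1:-}" in
    --demo) demo_expiring "${2:-20200101}" ;;   # ./jks-expiry.sh --demo
    --scan) scan_keystores "$2" "$3" ;;         # ./jks-expiry.sh --scan 20200101 /root/jks-pass.txt
esac
```

With --demo and the default cutoff of 20200101 the leaf certificate of server_identity_key_webserver and the old-partner-ca trust anchor are flagged, while the root CA valid until 2037 is not. The keystore passwords never appear on the command line of keytool, which is the one place a root-only shell does not protect them, and the chain index in the output tells you whether the expiring certificate is the server identity itself (index 1) or an issuer further up the chain.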
Attachments

AMJKSlist.sh