请到官方下载openssl

下载到本地之后解压，将要查看的证书放到openssl目录下

打开command窗口

具体命令请参考下文：

One way to verify if "keytool" did export my certificate using DER and PEM formats correctly or not is to use "OpenSSL" to view those certificate files. To do this, I used the "openssl x509" command to view keytool_crt.der and keytool_crt.pem:

>openssl x509 -in keytool_crt.pem -inform pem -noout -textCertificate:    Data:        Version: 3 (0x2)        Serial Number: 1185636568 (0x46ab60d8)        Signature Algorithm: dsaWithSHA1        Issuer: C=CA, ST=Herong State, L=Herong City, ...        ...>openssl x509 -in keytool_crt.der -inform der -noout -textCertificate:    Data:        Version: 3 (0x2)        Serial Number: 1185636568 (0x46ab60d8)        Signature Algorithm: dsaWithSHA1        Issuer: C=CA, ST=Herong State, L=Herong City, ...        O=Herong Company, OU=Heron        ...

Cool. "OpenSSL" can read certificates in DER and PEM formats generated by "keytool". What I learned so far:

• "keytool" can generate self-signed X5.09 version 3 certificates.
• "keytool" can export certificates with DER and PEM formats.
• "OpenSSL" can read certificates generated by "keytool" in both DER and PEM formats.