Find current self-signed certificate used by SKFS

To find the current certificate SKFS is using follow the following steps:

Log into as "strongkey " user.
Run the following command to list the certificate in use by SKFS.

keytool -list -keystore /usr/local/strongkey/payara5/glassfish/domains/domain1/config/keystore.jks -alias s1as -v

NOTE: The default keystore password is: “changeit”

Example output:

Enter keystore password:
Alias name: s1as
Creation date: Nov 28, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=demo.strongkey.com, OU=StrongKey FidoServer
Issuer: CN=demo.strongkey.com, OU=StrongKey FidoServer
Serial number: 617ec7c1
Valid from: Mon Nov 28 16:33:58 PST 2022 until: Sun Aug 29 17:33:58 PDT 2032
Certificate fingerprints:
	 SHA1: 0C:DF:78:31:6B:FD:C8:D8:44:B7:63:BD:07:27:BA:20:C4:97:61:95
	 SHA256: DE:47:66:60:1D:69:35:A1:C3:FF:08:B7:F5:62:C7:98:C5:DB:AB:76:14:37:05:85:8B:E0:81:D0:91:27:74:26
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 24 AC 24 F6 DA 5B 85 47   C2 D7 E0 FD D0 B8 41 A5  $.$..[.G......A.
0010: 6C 8E 99 6D                                        l..m
]
]


Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/strongkey/payara5/glassfish/domains/domain1/config/keystore.jks -destkeystore /usr/local/strongkey/payara5/glassfish/domains/domain1/config/keystore.jks -deststoretype pkcs12".