posted 12 years ago
Every X509 v3 digital certificate will have a certificate extension called SubjectKeyIdentifier (SKI). This is a hash (usually MD5 of SHA1) of the raw public key in the certificate. Compare this hash to the hash found in the SKI extension of the certificate in the JKS file. If the hashes match, they are the same public key.
Note that even if the hashes of the public-keys match, they are not likely the same certificate - just the same key. Depending on how the certificate was created and who issued it, the digital certificates could have completely different Subject DNs, key-usages, etc. If you need to determine if the certificates are identical, then you need to match up the Issuer DNs, the Subject DNs, the AuthorityKeyIdentifier (AKI) values, the SKI values and certificate serial numbers before you can determine that they are the same certificates.
Arshad Noor
StrongAuth, Inc.