Validate certificates for Java certificate store via cli

How do I validate x509 (or der format) certificates on the Java certificate store from the command line?

I've studied using the keytool utility, but it looks like it only handles the import / export / display function (no validation)

Edit: it looks like keytool can be used for validation, but it can only be used when trying to import I think a better way to ask a question is whether there is a more passive method (such as not modifying the keystore) thank you!

Solution

This page may be too simplistic:

http://java.sun.com/docs/books/tutorial/security/toolfilex/rstep1.html

But it seems that you can't even use keytool for real certificate authentication I don't see any description of verifying the signature of the incoming certificate against the signature of another trusted certificate

Jarsigner verifies the signature on the signing jar, but does not verify the signature on the certificate used to sign the jar

I'm afraid you either have to write a tool to verify it, or find a business tool that can do it I think some PKI toolkits will have a certificate verification tool to do this