Reading the code of sun/security/tools/keytool/Main.java ----------------- int i = 0; for (Certificate cert : chain) { try { if (rfc) { dumpCert(cert, out); } else { out.println("Certificate #" + i++); out.println("===================================="); printX509Cert((X509Certificate)cert, out); out.println(); } ///// the following line can output "certificate 3 of 2" because oneInMany prints (i+1) checkWeak(oneInMany(rb.getString("the.certificate"), i, chain.size()), cert); -----------------