【keytool】如何把安全证书导入到java中的cacerts证书库

如何将自签名证书正确导入Java密钥库,默认情况下可供所有Java应用程序使用?

在项目开发中,有时会遇到与SSL安全证书导入打交道的,如何把证书导入java中的cacerts证书库呢?




# cat install.sh

#########################################################

#!/usr/bin/env bash

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

export JAVA_HOME="/opt/jre1.8.0_212"

plain='\033[0m'

red='\033[0;31m'

green='\033[0;32m'

yellow='\033[0;33m'

kt="${JAVA_HOME}/bin/keytool"

ct="${JAVA_HOME}/jre/lib/security/cacerts"

[ $(id -u) != 0 ] && { echo -e "[${red}Error${plain}] 当前用户不是root"; exit 1; }

function check_tool() {

    [ -f ${kt} ] || { echo -e "[${red}Error${plain}] ${JAVA_HOME}/bin/keytool不存在"; exit 1; }

    [ -f ${ct} ] || { echo -e "[${red}Error${plain}] ${JAVA_HOME}/jre/lib/security/cacerts不存在"; exit 1; }

}

function import_cacert() {

    echo -e "[${green}Info${plain}] 导入apple cacert"

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert1 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file AAACertificateServices.crt

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert2 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file USERTrustRSAAAACA.crt

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert3 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file COMODORSAAAACA.crt

}

function check_cacert() {

    echo -e "[${green}Info${plain}] 查询apple cacert"

    ${JAVA_HOME}/bin/keytool -list -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit" | grep -iA1 "apple_cacert"

}

function install_apple_cacert() {

  check_tool

  import_cacert

  check_cacert

}

install_apple_cacert 2>&1 | tee install_log.log

exit 0

###############################################################


参考


如何把安全证书导入到java中的cacerts证书库

https://my.oschina.net/farces/blog/335811


一键获取站点证书导入到java信任库

https://github.com/ssbarnea/keytool-trust/blob/master/keytool-trust


有没有加载 $JAVA_HOME/lib/security 文件夹中指定的cacerts的方法?

https://cloud.tencent.com/developer/ask/51974

https://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager


How to set up Java to use user specific certificates for Eclipse?

https://stackoverflow.com/questions/663890/how-to-set-up-java-to-use-user-specific-certificates-for-eclipse

©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容