有没有一种方法可以加载与 java_home/jre/lib/security 文件夹中指定的证书不同的证书?
我在运行 2 或 3 个应用程序的系统中安装了一个 java。
所有应用程序都使用相同的运行时。
有没有一种方法可以为 ca 证书指定与 java_home/jre/lib/security.h 中的密钥库不同的密钥库。也就是说,是否有一个选项可以指定加载并添加到从 java_home/jre/lib/security/cacerts 加载的证书中的“额外”密钥库?
我想要避免的是每次升级盒子里的jdk时都必须重新导入我们的本地ca。
I have a single installation of java in a system that runs 2 or 3 applications.
All the applications use the same runtime.
Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts?
What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我认为您想要指定信任库:
或者如果您通过 JSSE 使用证书(您可能是),您可以将信任库复制到
$JAVA_HOME/jre/lib/security 中的目录(尽管每次安装/重新安装 JDK 时您仍然需要执行此操作)。 Sun 的 JSSE 在jssecacerts/$JAVA_HOME/jre/lib/security/cacerts之前查找$JAVA_HOME/jre/lib/security/jssecacerts。请参阅 http://java.sun。 com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
I think you want to specify the truststore:
Or if you are using certs through JSSE (you probably are), you can copy your truststore to
jssecacertsin the$JAVA_HOME/jre/lib/security/directory (although you'd still have to do that each time a JDK got installed/reinstalled). Sun's JSSE looks for$JAVA_HOME/jre/lib/security/jssecacertsbefore$JAVA_HOME/jre/lib/security/cacerts.See http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
这两个 jvm 选项都用于查找自定义信任库及其密码。
为了确保应用程序正在加载什么 trustStore,还请添加以下参数,
These both jvm options are used to locate custom truststore and their password.
In order to make sure what trustStore is being loaded by the application, add following argument as well,
如果您的 JVM 包含多个应用程序,则默认情况下所有应用程序都将使用位于 $JAVA_HOME/jre/lib/security/ location 中的默认 cacerts 存储。
但是,如果您希望应用程序应该使用不同的证书存储,那么您必须定义自定义证书存储并指向它。
通过这种方式,您可以创建自己的证书库。
System.setProperty("javax.net.ssl.trustStore", "C:/certStore/cusomtcacerts");-- 在创建 http/https 会话之前使用此行。
您还可以使用 keytool 将证书导入到 cusomtcacerts。
If your JVM contains more than one application then by default all the applications will use the default cacerts store which is in $JAVA_HOME/jre/lib/security/ location .
But if you want the applications should use different cert store then you have to define the custom cert store and point to that.
In this way you can create your own certstore.
System.setProperty("javax.net.ssl.trustStore", "C:/certStore/cusomtcacerts");-- Use this line before creating the http/https session.
You can import the certificates to the cusomtcacerts by using keytool also.
根据此:
Java SSE 参考指南- 定制
你可以使用系统属性:
比如:
但是!!我从来没有尝试过。让我知道它是否有效,好吗?
According to this:
Java SSE Referece Guide - Customization
You could use the system property:
Like:
But!! I have never tried. Let me know if it works would you?