I need to import a certificate into my JVM keystore. I am using the following:
我需要将证书导入我的JVM密钥库。我使用以下内容:
keytool -import -alias daldap -file somecert.cer
so I would need to probably change my call into something like:
所以我需要将我的调用改为:
keytool -import -alias daldap -file somecert.cer -keystore cacerts –storepass changeit
7 个解决方案
#1
94
Your keystore will be in your JAVA_HOME---> JRE -->lib---> security--> cacerts. You need to check where your JAVA_HOME is configured, possibly one of these places,
你的密钥库将在你的JAVA_HOME ---> JRE - > lib ---> security - > cacerts中。您需要检查JAVA_HOME的配置位置,可能是其中一个位置,
-
Computer--->Advanced --> Environment variables---> JAVA_HOME
计算机--->高级 - >环境变量---> JAVA_HOME
-
Your server startup batch files.
您的服务器启动批文件。
In your import command -keystore cacerts (give full path to the above JRE here instead of just saying cacerts).
在你的import命令-keystore cacerts中(在这里提供上述JRE的完整路径,而不仅仅是说cacerts)。
#2
28
Keystore Location
密钥库位置
Each keytool command has a -keystore option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the "user.home" system property. Given user name uName, the "user.home" property value defaults to
每个keytool命令都有一个-keystore选项,用于指定由keytool管理的密钥库的持久密钥库文件的名称和位置。密钥库默认存储在用户主目录中名为.keystore的文件中,由“user.home”系统属性确定。给定用户名uName,“user.home”属性值默认为
C:\Users\uName on Windows 7 systems
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems
Thus, if the user name is "cathy", "user.home" defaults to
因此,如果用户名是“cathy”,则“user.home”默认为
C:\Users\cathy on Windows 7 systems
C:\Winnt\Profiles\cathy on multi-user Windows NT systems
C:\Windows\Profiles\cathy on multi-user Windows 95 systems
http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html
http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html
#3
14
Mac OS X 10.12 with Java 1.8:
使用Java 1.8的Mac OS X 10.12:
$JAVA_HOME/jre/lib/security
$ JAVA_HOME / JRE / lib / security中
cd $JAVA_HOME
/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home
/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home
From there it's in:
从那里它是:
./jre/lib/security
I have a cacerts keystore in there.
我有一个cacerts密钥库。
To specify this as a VM option:
要将其指定为VM选项:
-Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit
I'm not saying this is the correct way (Why doesn't java know to look within JAVA_HOME?), but this is what I had to do to get it working.
我不是说这是正确的方法(为什么java不知道在JAVA_HOME中查看?),但这是我必须做的才能让它工作。
#4
12
This works for me:
这对我有用:
#! /bin/bash
CACERTS=$(readlink -e $(dirname $(readlink -e $(which keytool)))/../lib/security/cacerts)
if keytool -list -keystore $CACERTS -storepass changeit > /dev/null ; then
echo $CACERTS
else
echo 'Can not find cacerts file.' >&2
exit 1
fi
Only for Linux. My Solaris has no readlink. In the end I used this Perl-Script:
仅适用于Linux。我的Solaris没有readlink。最后我使用了这个Perl-Script:
#! /usr/bin/env perl
use strict;
use warnings;
use Cwd qw(realpath);
$_ = realpath((grep {-x && -f} map {"$_/keytool"} split(':', $ENV{PATH}))[0]);
die "Can not find keytool" unless defined $_;
my $keytool = $_;
print "Using '$keytool'.\n";
s/keytool$//;
$_ = realpath($_ . '../lib/security/cacerts');
die "Can not find cacerts" unless -f $_;
my $cacerts = $_;
print "Importing into '$cacerts'.\n";
`$keytool -list -keystore "$cacerts" -storepass changeit`;
die "Can not read key container" unless $? == 0;
exit if $ARGV[0] eq '-d';
foreach (@ARGV) {
my $cert = $_;
s/\.[^.]+$//;
my $alias = $_;
print "Importing '$cert' as '$alias'.\n";
`keytool -importcert -file "$cert" -alias "$alias" -keystore "$cacerts" -storepass changeit`;
warn "Can not import certificate: $?" unless $? == 0;
}
#5
11
You can find it in your "Home" directory:
您可以在“主页”目录中找到它:
On windows 7:
在Windows 7上:
C:\User\[YOUR ACCOUNT]\.keystore
On Linux (Ubuntu):
在Linux(Ubuntu)上:
/home/[YOUR ACCOUNT]/.keystore
#6
6
As DimtryB mentioned, by default the keystore is under the user directory. But if you are trying to update the cacerts file, so that the JVM can pick the keys, then you will have to update the cacerts file under jre/lib/security. You can also view the keys by executing the command keytool -list -keystore cacerts to see if your certificate is added.
正如DimtryB所提到的,默认情况下,密钥库位于用户目录下。但是,如果您尝试更新cacerts文件,以便JVM可以选择密钥,那么您将不得不更新jre / lib / security下的cacerts文件。您还可以通过执行命令keytool -list -keystore cacerts来查看密钥,以查看是否添加了证书。
#7
0
We encountered this issue on a Tomcat running from a jre directory that was (almost fully) removed after an automatic jre update, so that the running jre could no longer find jre.../lib/security/cacerts because it no longer existed.
我们在从自动jre更新后(几乎完全)删除的jre目录运行的Tomcat上遇到此问题,因此运行的jre无法再找到jre ... / lib / security / cacerts,因为它已不存在。
Restarting Tomcat (after changing the configuration to run from the different jre location) fixed the problem.
重新启动Tomcat(在将配置更改为从不同的jre位置运行之后)修复了问题。
#1
94
Your keystore will be in your JAVA_HOME---> JRE -->lib---> security--> cacerts. You need to check where your JAVA_HOME is configured, possibly one of these places,
你的密钥库将在你的JAVA_HOME ---> JRE - > lib ---> security - > cacerts中。您需要检查JAVA_HOME的配置位置,可能是其中一个位置,
-
Computer--->Advanced --> Environment variables---> JAVA_HOME
计算机--->高级 - >环境变量---> JAVA_HOME
-
Your server startup batch files.
您的服务器启动批文件。
In your import command -keystore cacerts (give full path to the above JRE here instead of just saying cacerts).
在你的import命令-keystore cacerts中(在这里提供上述JRE的完整路径,而不仅仅是说cacerts)。
#2
28
Keystore Location
密钥库位置
Each keytool command has a -keystore option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the "user.home" system property. Given user name uName, the "user.home" property value defaults to
每个keytool命令都有一个-keystore选项,用于指定由keytool管理的密钥库的持久密钥库文件的名称和位置。密钥库默认存储在用户主目录中名为.keystore的文件中,由“user.home”系统属性确定。给定用户名uName,“user.home”属性值默认为
C:\Users\uName on Windows 7 systems
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems
Thus, if the user name is "cathy", "user.home" defaults to
因此,如果用户名是“cathy”,则“user.home”默认为
C:\Users\cathy on Windows 7 systems
C:\Winnt\Profiles\cathy on multi-user Windows NT systems
C:\Windows\Profiles\cathy on multi-user Windows 95 systems
http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html
http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html
#3
14
Mac OS X 10.12 with Java 1.8:
使用Java 1.8的Mac OS X 10.12:
$JAVA_HOME/jre/lib/security
$ JAVA_HOME / JRE / lib / security中
cd $JAVA_HOME
/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home
/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home
From there it's in:
从那里它是:
./jre/lib/security
I have a cacerts keystore in there.
我有一个cacerts密钥库。
To specify this as a VM option:
要将其指定为VM选项:
-Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit
I'm not saying this is the correct way (Why doesn't java know to look within JAVA_HOME?), but this is what I had to do to get it working.
我不是说这是正确的方法(为什么java不知道在JAVA_HOME中查看?),但这是我必须做的才能让它工作。
#4
12
This works for me:
这对我有用:
#! /bin/bash
CACERTS=$(readlink -e $(dirname $(readlink -e $(which keytool)))/../lib/security/cacerts)
if keytool -list -keystore $CACERTS -storepass changeit > /dev/null ; then
echo $CACERTS
else
echo 'Can not find cacerts file.' >&2
exit 1
fi
Only for Linux. My Solaris has no readlink. In the end I used this Perl-Script:
仅适用于Linux。我的Solaris没有readlink。最后我使用了这个Perl-Script:
#! /usr/bin/env perl
use strict;
use warnings;
use Cwd qw(realpath);
$_ = realpath((grep {-x && -f} map {"$_/keytool"} split(':', $ENV{PATH}))[0]);
die "Can not find keytool" unless defined $_;
my $keytool = $_;
print "Using '$keytool'.\n";
s/keytool$//;
$_ = realpath($_ . '../lib/security/cacerts');
die "Can not find cacerts" unless -f $_;
my $cacerts = $_;
print "Importing into '$cacerts'.\n";
`$keytool -list -keystore "$cacerts" -storepass changeit`;
die "Can not read key container" unless $? == 0;
exit if $ARGV[0] eq '-d';
foreach (@ARGV) {
my $cert = $_;
s/\.[^.]+$//;
my $alias = $_;
print "Importing '$cert' as '$alias'.\n";
`keytool -importcert -file "$cert" -alias "$alias" -keystore "$cacerts" -storepass changeit`;
warn "Can not import certificate: $?" unless $? == 0;
}
#5
11
You can find it in your "Home" directory:
您可以在“主页”目录中找到它:
On windows 7:
在Windows 7上:
C:\User\[YOUR ACCOUNT]\.keystore
On Linux (Ubuntu):
在Linux(Ubuntu)上:
/home/[YOUR ACCOUNT]/.keystore
#6
6
As DimtryB mentioned, by default the keystore is under the user directory. But if you are trying to update the cacerts file, so that the JVM can pick the keys, then you will have to update the cacerts file under jre/lib/security. You can also view the keys by executing the command keytool -list -keystore cacerts to see if your certificate is added.
正如DimtryB所提到的,默认情况下,密钥库位于用户目录下。但是,如果您尝试更新cacerts文件,以便JVM可以选择密钥,那么您将不得不更新jre / lib / security下的cacerts文件。您还可以通过执行命令keytool -list -keystore cacerts来查看密钥,以查看是否添加了证书。
#7
0
We encountered this issue on a Tomcat running from a jre directory that was (almost fully) removed after an automatic jre update, so that the running jre could no longer find jre.../lib/security/cacerts because it no longer existed.
我们在从自动jre更新后(几乎完全)删除的jre目录运行的Tomcat上遇到此问题,因此运行的jre无法再找到jre ... / lib / security / cacerts,因为它已不存在。
Restarting Tomcat (after changing the configuration to run from the different jre location) fixed the problem.
重新启动Tomcat(在将配置更改为从不同的jre位置运行之后)修复了问题。