问题

我正在尝试将受信任的证书导入到Java cacerts keystore中,但我遇到了问题。我试图列出现有的可信证书,似乎密钥库没有密码保护。

$ keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries

我试图导入一个可信证书:

$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Too many failures - try later

我还尝试将密码从"无"更改为:

$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later

#1 热门回答(191 赞)

这意味着cacerts密钥库不受密码保护

这是一个错误的假设。如果你仔细阅读,你会发现列表是在未验证密钥库完整性的情况下提供的,因为你没有提供密码。该列表不需要密码,但你的密钥库肯定有密码,如下所示:

为了验证其完整性,你必须提供密钥库密码。

Java的默认cacerts密码是"changeit",除非你在Mac上,它在某种程度上"改变"。显然,对于Mountain Lion(基于评论和此处的另一个答案),Mac的密码现在也是"改变",可能是因为Oracle现在也处理Mac JVM的分发。


#2 热门回答(44 赞)

密钥库的密码默认为:"changeit"。我对你在这里输入的命令起作用,用于导入证书。我希望你已经解决了你的问题。


#3 热门回答(3 赞)

Mac Mountain Lion现在使用的密码与Oracle相同。


原文链接