问题
我正在尝试将受信任的证书导入到Java cacerts keystore中,但我遇到了问题。我试图列出现有的可信证书,似乎密钥库没有密码保护。
$ keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 76 entries
我试图导入一个可信证书:
$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
我还尝试将密码从"无"更改为:
$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
#1 热门回答(191 赞)
这意味着cacerts密钥库不受密码保护
这是一个错误的假设。如果你仔细阅读,你会发现列表是在未验证密钥库完整性的情况下提供的,因为你没有提供密码。该列表不需要密码,但你的密钥库肯定有密码,如下所示:
为了验证其完整性,你必须提供密钥库密码。
Java的默认cacerts密码是"changeit",除非你在Mac上,它在某种程度上"改变"。显然,对于Mountain Lion(基于评论和此处的另一个答案),Mac的密码现在也是"改变",可能是因为Oracle现在也处理Mac JVM的分发。
#2 热门回答(44 赞)
密钥库的密码默认为:"changeit"。我对你在这里输入的命令起作用,用于导入证书。我希望你已经解决了你的问题。
#3 热门回答(3 赞)
Mac Mountain Lion现在使用的密码与Oracle相同。