首页 文章

在Windows JRE中导入StartCom CA证书

提问于
浏览
14

我有一个Java应用程序访问使用StartCom SSL证书的服务 . 为了实现这一点,我需要将StartCom CA证书添加到Java的信任库中,因为它们默认情况下不在那里 . 我已经使用这些命令在linux上成功完成了这项工作

sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt

(来自this script

但是,相同的命令(适当调整)在Windows上不起作用 . 我明白了:

keytool error: java.lang.RuntimeException: Usage error, trustcacerts is not a legal command

如何使它工作?

java security certificate keystore truststore

4 回答

  • 0

    这是一个简单的错字 . 在转换命令时,我忘记了“trustcacerts”之前的破折号 . :(

    回复于
  • 2

    在Mac OS X Mavericks 10.9上我这样做了:

    我总是创建一个我稍后删除的tmp目录,但你不必:

    mkdir ~/tmp
cd ~/tmp

    然后下载证书:

    curl http://www.startssl.com/certs/ca.crt -O
curl http://www.startssl.com/certs/sub.class1.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class2.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class3.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class4.server.ca.crt -O

    获取Java主页:

    $ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home

    使用keytool安装它:

    sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt
    回复于
  • 0

    删除-trustcacerts

    回复于
  • 5

    是的, -trustcacerts 是正确的语法 .

    但是要使链接脚本在Cygwin下工作,您需要从所有 keytool 行中删除 sudo - 在Cygwin中 sudo 不可用 .

    回复于

相关问题