我正在尝试将受信任的证书导入Java cacerts 密钥库 http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services,但我有一个问题。我尝试列出现有的受信任证书,但密钥库似乎不受密码保护。
$ keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 76 entries
我尝试导入受信任的证书:
$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
我还尝试将密码从“无”更改为:
$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
这意味着 cacerts 密钥库不受密码保护
这是一个错误的假设。如果您仔细阅读,您会发现提供的列表没有验证密钥库的完整性,因为您没有提供密码。该列表不需要密码,但您的密钥库肯定有密码,如下所示:
为了验证其完整性,您必须提供密钥库密码。
Java 的默认 cacerts 密码是“changeit”,除非您使用的是 Mac,在某种程度上它是“changeme”。显然,从 Mountain Lion 开始(基于此处的评论和另一个答案),Mac 的密码现在也是“changeit”,可能是因为 Oracle 现在也在处理 Mac JVM 的分发。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
