在Windows JRE中导入StartCom CA证书

时间:2010-11-29 10:11:04

标签: java security certificate keystore truststore

我有一个Java应用程序访问使用StartCom SSL证书的服务。为了实现这一点,我需要将StartCom CA证书添加到Java的信任库中,因为它们默认情况下不在那里。我已经使用这些命令在linux上成功完成了这项工作

sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt

(来自this script

然而,相同的命令(适当调整)在Windows上不起作用。我明白了:

keytool error: java.lang.RuntimeException: Usage error, trustcacerts is not a legal command

如何让它发挥作用?

4 个答案:

答案 0 :(得分:5)

这是一个简单的错字。在转换命令时,我忘记了“trustcacerts”之前的破折号。 :(

答案 1 :(得分:2)

在Mac OS X Mavericks 10.9上我这样做了:

我总是创建一个我稍后删除的tmp目录,但你不必:

mkdir ~/tmp
cd ~/tmp

然后下载证书:

curl http://www.startssl.com/certs/ca.crt -O
curl http://www.startssl.com/certs/sub.class1.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class2.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class3.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class4.server.ca.crt -O

让您的Java回家:

$ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home

使用keytool进行安装:

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt

答案 2 :(得分:0)

删除-trustcacerts

答案 3 :(得分:0)

是的,-trustcacerts是正确的语法。

但是要使链接脚本在Cygwin下运行,您需要从所有sudo行中删除keytool - sudo在Cygwin中不可用。

相关问题
最新问题