- 浏览: 99617 次
- 性别:
- 来自: 上海
最新评论
-
kingtay:
...
查看class文件的字节码版本号 -
kkfbai:
补充说明一下:如果只想判断两个LIST是否有交集,可以使用Co ...
java 两list求交集
有两种方式
一.
Untitled如何把Https网站中的安全证书导入到java中的cacerts证书库中?在项目开发中,有时会遇到与SSL安全证书导入打交道的,如何把证书导入java中的cacerts证书库呢?
其实很简单,方法如下:
每一步:进入某个https://www.xxx.com开头的网站,把要导入的证书下载过来,
在该网页上右键
>> 属性 >> 点击"证书" >>
再点击上面的"详细信息"切换栏
>>
再点击右下角那个"复制到文件"的按钮
就会弹出一个证书导出的向导对话框,按提示一步一步完成就行了。
例如:保存为abc.cer,放在C盘下
第二步:如何把上面那步的(abc.cer)这个证书导入java中的cacerts证书库里?
方法如下
假设你的jdk安装在C:\jdk1.5这个目录,
开始
>> 运行 >> 输入cmd 进入dos命令行 >>
再用cd进入到C:\jdk1.5\jre\lib\security这个目录下
敲入如下命令回车执行
keytool -import -alias cacerts -keystore %java_home%\jre\lib\security\cacerts -file C:\abc.cer -trustcacerts
此时命令行会提示你输入cacerts证书库的密码,
你敲入changeit就行了,这是java中cacerts证书库的默认密码,
你自已也可以修改的。
二.
/*
* Copyright 2006 Sun Microsystems, Inc. All Rights
Reserved.
*
* Redistribution and use in source and binary
forms, with or without
* modification, are permitted provided that the
following conditions
* are met:
*
* -
Redistributions of source code must retain the above
copyright
* notice, this list of conditions and
the following disclaimer.
*
* - Redistributions in
binary form must reproduce the above
copyright
* notice, this list of conditions and
the following disclaimer in the
* documentation
and/or other materials provided with the
distribution.
*
* - Neither the name of Sun
Microsystems nor the names of its
*
contributors may be used to endorse or promote products
derived
* from this software without specific
prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE
COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
*
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
*
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
*
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
*
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
*/ import java.io.*;
import java.net.URL; import java.security.*;
import java.security.cert.*; import javax.net.ssl.*;
public class InstallCert { public static void main(String[] args) throws Exception
{
String host;
int port;
char[]
passphrase;
//传如参数 192.168.84.84:443 changeit
if ((args.length
== 1) || (args.length == 2)) {
String[] c =
args[0].split(":");
host =
c[0];
//默认取443端口
port =
(c.length == 1) ? 443 : Integer.parseInt(c[1]);
//默认密码为changeit
String p = (args.length == 1) ?
"changeit" : args[1];
passphrase =
p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port]
[passphrase]");
return;
} //创建jssecacerts文件
File file = new
File("jssecacerts");
if (file.isFile() == false)
{
char SEP =
File.separatorChar;
File dir = new
File(System.getProperty("java.home") + SEP
+
"lib" + SEP + "security");
file = new File(dir,
"jssecacerts");
if (file.isFile() == false)
{
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file +
"...");
InputStream in = new
FileInputStream(file);
//默认使用JKS的KEYSTORE TYPE
KeyStore ks =
KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in,
passphrase);
in.close(); SSLContext context =
SSLContext.getInstance("TLS");
TrustManagerFactory tmf
=
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager
defaultTrustManager =
(X509TrustManager)tmf.getTrustManagers()[0];
SavingTrustManager tm =
new SavingTrustManager(defaultTrustManager);
context.init(null, new
TrustManager[] {tm}, null);
SSLSocketFactory factory =
context.getSocketFactory(); System.out.println("Opening connection to " + host + ":" + port +
"...");
SSLSocket socket = (SSLSocket)factory.createSocket(host,
port);
socket.setSoTimeout(10000);
try
{
System.out.println("Starting SSL
handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors,
certificate is already trusted");
} catch (SSLException e)
{
System.out.println();
e.printStackTrace(System.out);
} X509Certificate[] chain = tm.chain;
if (chain == null)
{
System.out.println("Could not obtain server
certificate chain");
return;
} BufferedReader reader =
new BufferedReader(new
InputStreamReader(System.in)); System.out.println();
System.out.println("Server sent " +
chain.length + "
certificate(s):");
System.out.println();
MessageDigest sha1 =
MessageDigest.getInstance("SHA1");
MessageDigest md5 =
MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length;
i++) {
X509Certificate cert =
chain[i];
System.out.println
(" " + (i + 1) + " Subject
" + cert.getSubjectDN());
System.out.println(" Issuer " +
cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " +
toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " +
toHexString(md5.digest()));
System.out.println();
} System.out.println("Enter certificate to add to trusted keystore or
'q' to quit: [1]");
String line =
reader.readLine().trim();
int k;
try
{
k = (line.length() == 0) ? 0 :
Integer.parseInt(line) - 1;
} catch (NumberFormatException e)
{
System.out.println("KeyStore not
changed");
return;
} X509Certificate cert = chain[k];
String alias = host + "-" +
(k + 1);
ks.setCertificateEntry(alias, cert); OutputStream out = new
FileOutputStream("jssecacerts");
ks.store(out,
passphrase);
out.close(); System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
("Added
certificate to keystore 'jssecacerts' using alias '"
+ alias +
"'");
} private static final char[] HEXDIGITS =
"0123456789abcdef".toCharArray(); private static String toHexString(byte[] bytes)
{
StringBuilder sb = new StringBuilder(bytes.length * 3);
for
(int b : bytes) {
b &=
0xff;
sb.append(HEXDIGITS[b >>
4]);
sb.append(HEXDIGITS[b &
15]);
sb.append(' ');
}
return
sb.toString();
} private static class SavingTrustManager implements
X509TrustManager { private final X509TrustManager tm;
private X509Certificate[]
chain; SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
} public X509Certificate[] getAcceptedIssuers()
{
throw new
UnsupportedOperationException();
} public void checkClientTrusted(X509Certificate[] chain, String
authType)
throws CertificateException
{
throw new
UnsupportedOperationException();
} public void checkServerTrusted(X509Certificate[] chain, String
authType)
throws CertificateException
{
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
} }
- 把Https网站中的安全证书导入到java的cacerts证书库中.rar (3.7 KB)
- 下载次数: 41
发表评论
-
IDEA 社区版同一个项目启动多次
2022-09-23 07:58 346打开idea社区版的服务列表,选中要多次启动的项目,右键选 ... -
正则表达示提取匹配内容
2019-10-15 19:14 548public static void main(Strin ... -
java https tomcat 单双认证(含证书生成和代码实现)
2018-01-11 15:14 765https://www.cnblogs.com/sprin ... -
nginx1.0.4 配置
2014-09-17 11:51 678见附件 -
jconsole 远程连接
2014-08-21 14:18 1162linux服务器应用程序的启动配置如下: ####### ... -
判断一个字符中是否有乱码
2014-05-19 11:30 1305package com.test; import ja ... -
SizeOf对象的大小
2013-12-25 17:36 783private static void mobileno() ... -
JVM系列三:JVM参数设置、分析
2014-05-19 11:34 704不管是YGC还是Full GC,GC过程中都会对导致程序运 ... -
Eclipse去除js(JavaScript)错误
2013-08-20 09:46 564最近出了一个很怪的 ... -
webQQ-web版及时通信
2013-06-24 15:42 702webQQ-web版及时通信 带sql脚本 -
输出堆栈日志
2013-06-07 09:08 1031@echo off&setlocal enablede ... -
将JAVA应用程序打包成EXE可执行文件教程.doc
2013-04-15 14:11 890将JAVA应用程序打包成EXE可执行文件教程.doc -
java 获取当前运行服务的操作系统PID
2013-04-11 11:22 1006ManagementFactory.getRuntimeM ... -
LambdaProbe使用简介
2012-09-27 14:59 963LambdaProbe使用简介 LambdaProb ... -
Java编程中“为了性能”尽量要做到的一些地方(转)
2012-03-08 14:21 2279最近的机器内存又爆满了,除了新增机器内存外,还应该好好revi ... -
java基础
2010-05-30 21:07 840String a = new String ... -
语录收集
2010-05-17 16:35 833设计模式 Abstract Factory:提供一个创建 ... -
循环bean的属性
2010-04-23 17:51 882private Map<String, String&g ... -
remove list
2009-11-20 10:22 862Iterator<AcctChargeConfigDTO ... -
身份证验证js
2009-09-16 18:19 1570//身份证验证 function checkIdcard(i ...
相关推荐
通过连接到主机并下载证书,简单地导入 Java 密钥库。 应该使用 https、smtp 或 ldap 证书。 要求 安装了Java。 角色变量 java_certificate_host: example.com java_certificate_port: 443 java_certificate_alias:...
nexus的jdk证书cacerts
当在Java中使用URL.openConnection().connect()方法进行HTTPS请求时,如果遇到PKIX path building failed异常,通常意味着Java运行环境在验证服务器证书链时遇到了问题。具体错误信息sun.security.provider....
安装配置nacl sdk环境时,命令naclsdk update,报错third_party.fancy_urllib....更换证书文件,第一次更换会自动恢复默认,要再更换一次,就好了,具体方法参见:博客https://mp.csdn.net/postedit/72821974,更新部分
(CA证书是公共信息,只有极少数情况需要将其保密,因为您会意识到非常具体的业务需求。) 需要使用JDK的SSL功能的Java程序必须访问cacerts文件,而将解密密码传递给JVM的唯一方法是使用-Djavax.net.ssl....
安装证书 来自Google Code @ 的... 通过覆盖cacerts文件复制到目录中将导致所有Java应用程序信任新证书。 可以通过重新运行“ java InstallCert host:[port]”来验证信任链。 可以在以下位置找到更详细的说明:
cacerts.bks
安装配置nacl sdk环境时,命令naclsdk update,报错third_party.fancy_urllib.InvalidCertificateException: Host storage.googleapis.com returned an invalid certificate ([SSL: CERTIFICATE_VERIFY_FAILED] ...
cacerts jenkins所需的静态文件
其以二进制格式存储,在windows中可以直接导入到密钥区,注意,PKCS#12的密钥库保护密码同时也用于保护Key。 UBER 比较特别,当密码是通过命令行提供的时候,它只能跟keytool交互。整个keystore是通过PBE/SHA1/...
读取配置文件信息(解决硬编码),生成证书(密钥库JKS导出公钥),单一固定客户端的导入证书到Java的security中的cacerts信任证书库)
1. 配置SSL ... c) 将证书文件导入到java证书库cacerts中 d) 修改<TOMCAT_HOME>/conf下面得server.xml文件 2. 部署CAS服务器 3. 修改CAS登录的用户库 4. 测试是否配置成功 5. 配置过程中可能会出现的错误
oracle-java-XX-cacerts软件包将JRE oracle-java-XX-cacerts软件包替换为发行版中的ca-certificates。 如果您想信任某些第三方CA,只需将其放置在正确的位置并运行update-ca-certificates 。 用法 下载公钥 # wget ...
aws MongoDB 开启TLS认证脚本,需进行修改,keytool import导入至java自带的密钥库。oracle jdk:$JAVA_HOME/jre/lib/security/cacerts openjdk:$JAVA_HOME/lib/security/cacerts
export JAVA_OPTS='-Djavax.net.ssl.trustStore=/vagrant/cacerts_from_ubuntu_18.04' 首先安装sdkman curl -s "https://get.sdkman.io" | bash 然后激活 source "/home/vagrant/.sdkman/bin/sdkman-init.sh" 并...
此Erlang库包含一个CA捆绑包,您可以在您的Erlang应用程序中引用该捆绑包。 对于没有Erlang可以找到的CA捆绑包的系统,或者统一的CA集合很有价值的系统,这很有用。 这是Erlang特定的端口。 CA捆绑软件源自Mozilla的...
docker主机的SSL证书是自签名的(安装时由boot2docker创建),因此需要手动添加到Java的cacerts keystore中。 sudo keytool import -alias $DOCKER_HOST -file $DOCKER_CERT -keystore $JAVA_HOME/jre/lib/security/...
证书对于 TLS 加密的 Web 服务,您需要将服务器证书放在cert/cacerts密钥库中。 使用以下命令: keytool -keystore cert/cacerts -importcert -alias keyname -file input.crt 密钥库密码是changeit 。编