将证书密钥库迁移到另一个JVM [英] Migrating a certificate keystore to another JVM
问题描述
我正在开发一个需要JRE的安装程序,并创建证书。我正在研究捆绑新JRE的下一版安装程序。我需要移动在 cacerts 旧JRE的密钥库到新的JRE。如果我将旧的jre / lib / security /目录下的cacerts文件复制到新的JRE,那么cacerts中的现有证书是否有效,我将进行安装。
I am working on a installer which needs a JRE and creates certificates as well. I am working on the next version of installer which bundles a new JRE. I need to move all the certificates that are imported in cacerts keystore of the old JRE to a new JRE. Will the existing certificates in cacerts be valid if I copy the "cacerts" file under old jre/lib/security/ directory to the new JRE, I will be installing.
我看了一下问题:是否可以将cacerts的所有内容导入jssecacerts文件?以将证书导入我的密钥库。这是否意味着如果通过复制cacerts的密钥库迁移不起作用,我需要备份现有的jre / lib / security / cacerts并将其导入新的JRE?
I looked at question: "Is it possible to import all contents of cacerts into a jssecacerts file?" to import certificates into my keystore. Does this mean I need to backup the existing jre/lib/security/cacerts and import it to new JRE if the keystore migration by copying cacerts will not work?
推荐答案
你不想这样做。您不希望打扰已存在于新trustStore中的证书,并且您不希望从旧trustStore的原始内容中复制任何不在新trustStore的默认内容中的内容。您希望将添加的所有证书导入旧的默认trustStore到新的默认trustStore。所以在一个单独的地方跟踪它们,然后在新的trustStore上重复原始的导入过程。
You don't want to do this. You don't want to disturb the certificates that are already in the new trustStore, and you don't want to copy anything from the original contents of the old trustStore that isn't in the default contents of the new trustStore. You want to import all the certificates that you have added to the old default trustStore to the new default trustStore. So keep track of them, in a separate place, and just repeat the original import process on the new trustStore.
这篇关于将证书密钥库迁移到另一个JVM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
