有没有一种方法可以加载不同于java_home/jre/lib/security文件夹中指定的证书的证书? [英] Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?
问题描述
我在运行2或3个应用程序的系统中安装了Java.
I have a single installation of java in a system that runs 2 or 3 applications.
所有应用程序都使用相同的运行时.
All the applications use the same runtime.
有没有一种方法可以为ca证书指定与java_home/jre/lib/security中的密钥库不同的密钥库.也就是说,是否有一个选项可以指定一个额外的"密钥库,该密钥库可以加载并添加到从java_home/jre/lib/security/cacerts加载的证书中?
Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts?
我要避免的是,每次升级框中的jdk时都必须重新导入我们的本地ca.
What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.
推荐答案
我认为您想指定信任库:
I think you want to specify the truststore:
java -Djavax.net.ssl.trustStore=/home/gene/mycacerts ...
或者(如果可能)通过JSSE使用证书,则可以将信任库复制到 $ JAVA_HOME/jre/lib/security/
目录中的 jssecacerts
(尽管每次安装/重新安装JDK仍然需要这样做).Sun的JSSE在 $ JAVA_HOME/jre/lib/security/cacerts
之前查找 $ JAVA_HOME/jre/lib/security/jssecacerts
.
Or if you are using certs through JSSE (you probably are), you can copy your truststore to jssecacerts
in the $JAVA_HOME/jre/lib/security/
directory (although you'd still have to do that each time a JDK got installed/reinstalled). Sun's JSSE looks for $JAVA_HOME/jre/lib/security/jssecacerts
before $JAVA_HOME/jre/lib/security/cacerts
.
请参见 http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager
这篇关于有没有一种方法可以加载不同于java_home/jre/lib/security文件夹中指定的证书的证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!