有没有一种方法可以加载不同于java_home/jre/lib/security文件夹中指定的证书的证书? [英] Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?

问题描述

我在运行2或3个应用程序的系统中安装了Java.

I have a single installation of java in a system that runs 2 or 3 applications.

所有应用程序都使用相同的运行时.

All the applications use the same runtime.

有没有一种方法可以为ca证书指定与java_home/jre/lib/security中的密钥库不同的密钥库.也就是说，是否有一个选项可以指定一个额外的"密钥库，该密钥库可以加载并添加到从java_home/jre/lib/security/cacerts加载的证书中?

Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts?

我要避免的是，每次升级框中的jdk时都必须重新导入我们的本地ca.

What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.

推荐答案

我认为您想指定信任库:

I think you want to specify the truststore:

java -Djavax.net.ssl.trustStore=/home/gene/mycacerts ...

或者(如果可能)通过JSSE使用证书，则可以将信任库复制到 $ JAVA_HOME/jre/lib/security/目录中的 jssecacerts (尽管每次安装/重新安装JDK仍然需要这样做).Sun的JSSE在 $ JAVA_HOME/jre/lib/security/cacerts 之前查找 $ JAVA_HOME/jre/lib/security/jssecacerts .

Or if you are using certs through JSSE (you probably are), you can copy your truststore to jssecacerts in the $JAVA_HOME/jre/lib/security/ directory (although you'd still have to do that each time a JDK got installed/reinstalled). Sun's JSSE looks for $JAVA_HOME/jre/lib/security/jssecacerts before $JAVA_HOME/jre/lib/security/cacerts.

请参见 http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

这篇关于有没有一种方法可以加载不同于java_home/jre/lib/security文件夹中指定的证书的证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！