我可以在 Java 中创建自签名证书，该证书将被 Web 浏览器自动信任吗? [英] Can I create self-signed certificate in Java which will be automatically trusted by web browsers?

问题描述

我已经使用 keytool 为我的 Java 应用程序生成了一个自签名证书.但是，当我在浏览器中访问该站点时，它总是会弹出警告 - 说该站点不拥有证书 - 有没有办法对证书进行自签名/修改证书，这样我就不会收到这些警告浏览器?服务器和浏览器都位于同一主机上，我使用http://localhost/"导航到该站点.我不想向浏览器添加例外，因为我有在大型构建场上运行的测试，因此向所有构建机器上的所有浏览器添加例外是多余的.

I've generated a self-signed certificate for my Java app using keytool. However, when I go to the site in a browser it always pops up with a warning - saying this site does not own the certificate - is there a way to self-sign/doctor a certificate so I won't get these warnings in a browser? Both server and browser are located on the same host and I navigate to the site using "http://localhost/". I do not want to add an exception to the browser because I have tests which run on a big build farm so it is excessive to add an exception to all browsers on all build machines.

推荐答案

您还可以使用 OpenSSL 或您的 Java 工具设置自签名证书颁发机构 (CA).然后，您可以使用该 CA 来签署许多服务器证书.

You could also setup a self-signed Certificate Authority (CA) using OpenSSL or possibly your Java tool. You can then use that CA to sign a number of server certs.

您仍然需要在访问测试服务器的所有客户端上手动信任您的自签名 CA，但至少您只需要信任一个根 CA，而不是一堆单独的自签名服务器证书.

You are still going to need to manually trust your self-signed CA on all clients that access your test servers, but at least you only have to trust one root CA, rather than a bunch of individual self-signed server certs.

另一种选择是查看 CAcert.

这篇关于我可以在 Java 中创建自签名证书，该证书将被 Web 浏览器自动信任吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！