如何在IE受信任的根证书颁发机构存储中自动安装自签名证书 [英] How to automatically install self signed certificate in IE Trusted Root Certification Authorities store

问题描述

我创建了一个自签名证书，但浏览器告诉我此CA根证书不受信任。要启用信任，请在受信任的根证书颁发机构存储中安装此证书。

I created a self signed certificate but the browser tells me "This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store".

我进入IE - > Internet选项 - >内容 - >证书 - >等...我实际上必须导出自签名证书，然后将其导入受信任的根证书。只有在证书位于用户计算机的ROOT存储区之后，IE才显示任何警告。

I did by going into IE --> Internet Options --> Content --> Certificates --> ect... I actually had to export the self signed certificate and then import it into the Trusted Root Certification. Only after the certificate was located under the ROOT store in the users machine that IE did not display any WARNINGS.

这将部署在生产环境中，因此拥有用户手动执行上述步骤是不可接受的。

This will be deployed in a production environment, so having the users manually do the above steps is unacceptable.

如何自动执行此操作？我只是希望他们接受并且没有证书错误并且在IE中将URL栏变为RED。

How can I automatically do this? I just want them to accept and not have that "Certificate Error" and have the URL bar turned "RED" in IE.

我正在使用Tomcat 5.5。我也按照与Tomcat SSL如何教程相同的步骤 http：/ /tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

I'm using Tomcat 5.5. I also followed the same steps as in the Tomcat SSL How To Tutorial http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

提前致谢。

推荐答案

Java 6提供了一个名为SunMSCAPI的加密提供程序来访问windows加密库API。此提供程序实现了一个包含所有Trust Anchors证书的密钥库Windows-Root。

Java 6 provides a cryptographic provider named SunMSCAPI to access the windows cryptography libraries API. This provider implements a keystore "Windows-Root" containing all Trust Anchors certificates.

可以在此密钥库中插入证书。

It is possible to insert a certificate in this keystore.

KeyStore root = KeyStore.getInstance("Windows-ROOT");
root.load(null);
/* certificate must be DER-encoded */
FileInputStream in = new FileInputStream("C:/path/to/root/cert/root.der");
X509Certificate cacert = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(in);
root.setCertificateEntry("CACert Root CA", cacert);

如果要确认，将提示用户。如果操作被用户取消，则抛出KeyStoreException。

The user will be prompted if for confirmation. If the operation is canceled by the user then a KeyStoreException is thrown.

有关提供者的一些技术说明可以在这里找到： http://download.oracle.com/javase/6/docs/technotes/guides/security/ SunProviders.html＃SunMSCAPI

Some technotes about the provider can be found here: http://download.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunMSCAPI

这篇关于如何在IE受信任的根证书颁发机构存储中自动安装自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！