java 如何检查证书是否在默认 cacerts 中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/47007663/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to check a Certificate is in default cacerts
提问by loi mai
A client provide me with a HTTPS URL for a service call. I need to make a request to that URL. I know that if the certificate of that URL is from a common provider chances are that it's already available on the default java truststore cacerts.
客户为我提供了一个用于服务调用的 HTTPS URL。我需要向该 URL 发出请求。我知道,如果该 URL 的证书来自公共提供商,则它可能已经在默认的 java truststore cacerts上可用。
However I am unsure how to check whether I need to import the certificate or not. How can I check whether a certificate from a website is already in default java truststore \jre1.8\lib\security\cacerts?
但是我不确定如何检查是否需要导入证书。如何检查来自网站的证书是否已在默认 java truststore \jre1.8\lib\security\cacerts 中?
回答by Jesse
You can inspect (list) certificates in your cacert keystroke using the java keytool.
您可以使用 java keytool 在 cacert 按键中检查(列出)证书。
keytool -list -v -keystore /path/to/cacerts
keytool has to be in your path, or can be found in the bin directory of your Java Installation (e.g. C:/Program Files (x86)/Java/jre1.8/bin/keytool.exe).
keytool 必须在您的路径中,或者可以在您的 Java 安装(例如C:/Program Files (x86)/Java/jre1.8/bin/keytool.exe)的 bin 目录中找到。
回答by user207421
Just try to connect to it with URLand HttpsURLConnection, going at least as far as getting the response code, and no fancy trust managers or anything. If it's trusted, you won't have a problem.
只需尝试使用URL和连接到它HttpsURLConnection,至少可以获取响应代码,而不需要花哨的信任管理器或任何东西。如果它是可信的,你就不会有问题。
Your terminology is astray. All certificates are public. If it's a CA-signedcertificate, signed by a CAwhose certificate is in cacerts, you don't need to import it.
你的术语是错误的。所有证书都是公开的。如果是CA 签署的证书,由其证书位于 中的CA签署cacerts,则不需要导入它。
