Here's a way to actually solve this problem without the need to view or edit the file.

这是一种无需查看或编辑文件即可实际解决此问题的方法。

The default keyStore type is JKS and the WSKeyStore class assumes it to be a PKCS12 file which throws the above error. So we need to convert the cacerts file to .p12 format.

默认的 keyStore 类型是 JKS 并且 WSKeyStore 类假定它是一个 PKCS12 文件，它会引发上述错误。所以我们需要将cacerts文件转换成.p12格式。

Using the keytool utility from command line I executed:

从命令行使用 keytool 实用程序我执行了：

C:\IBM\WebSphere85\AppServer\java\bin>keytool -importkeystore ^
 -srckeystore C:\IBM\WebSphere85\AppServer\java\jre\lib\security\cacerts ^
 -destkeystore C:\IBM\WebSphere85\AppServer\java\jre\lib\security\cacerts.p12 ^
 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit -noprompt

which gave me a cacerts.p12file which could be easily read by the above class.

这给了我一个cacerts.p12可以被上述课程轻松阅读的文件。

References:

参考资料：

• IBM Error
• Stackoverflow: convert .jks to .p12

• IBM 错误
• Stackoverflow：将 .jks 转换为 .p12

As far as the original question, you can use the keytoolcommandto view and edit a keystore like cacerts.

至于原始问题，您可以使用该keytool命令查看和编辑密钥库，如cacerts.

To viewall keys in the keystore, use keytool -list:

要查看密钥库中的所有密钥，请使用keytool -list：

$ keytool -list -keystore ${keystore.file}

where ${keystore.file}is the path to the cacertsfile, in your case C:\IBM\Websphere85\jdk\jre\lib\security\cacerts.

文件${keystore.file}的路径在哪里cacerts，在你的情况下是C:\IBM\Websphere85\jdk\jre\lib\security\cacerts.

To removea specific key, use keytool -delete:

要删除特定键，请使用keytool -delete：

$ keytool -delete -alias ${cert.alias} -keystore ${keystore.file}

where ${cert.alias}is an existing key alias from the above -listcommand. *

哪里${cert.alias}是上述-list命令中的现有密钥别名。*

To adda new key that was already generated elsewhere, use keytool -importcert:

要添加已在其他地方生成的新密钥，请使用keytool -importcert：

$ keytool -importcert -alias ${cert.alias} -keystore ${keystore.file} -file ${cer.file} 

where ${cer.file}is the path to an existing certificate or certificate chain.

哪里${cer.file}是现有证书或证书链的路径。

Note that with each of these commands, you will be prompted for the keystore password which you can instead specify with the -storepassoption. For example:

请注意，对于这些命令中的每一个，系统都会提示您输入密钥库密码，您可以使用该-storepass选项指定该密码。例如：

$ keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}

*The ${cert.alias}is the left-most value in the lines outputted from keytool -list.

*的${cert.alias}是在从输出的线的最左边的值keytool -list。

For example, if this is the ouput from keytool -list:

例如，如果这是来自以下内容的输出keytool -list：

$ keytool -list -keystore ./cacerts
Enter keystore password:  

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

verisignclass1ca, Jun 29, 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignserverca, Jun 29, 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93

then verisignclass1caand verisignservercaare aliases you can specify to delete.

thenverisignclass1ca和verisignserverca是您可以指定删除的别名。