如何把Https网站中的安全证书导入到java中的cacerts证书库(转-便参考) 

每一步:进入某个https://www.xxx.com开头的网站,把要导入的证书下载过来,
    在该网页上右键 >> 属性 >> 点击"证书" >>
    再点击上面的"详细信息"切换栏 >>
    再点击右下角那个"复制到文件"的按钮
    就会弹出一个证书导出的向导对话框,按提示一步一步完成就行了。
    例如:保存为abc.cer,放在C盘下
 
第二步:如何把上面那步的(abc.cer)这个证书导入java中的cacerts证书库里?
    方法如下
   

[ywadmin@dev security]$
[ywadmin@dev security]$ keytool -import -alias cacerts -keystore cacerts -file -chainfincom.cer
Enter keystore password:
Owner: CN=*.chainfin.com, OU=Information Center, O=中望金服信息科技(北京)有限公司, L=BeiJing, ST=BeiJing, C=CN
Issuer: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
Serial number: 3e5c6950047054d89b7ef97ef369f001
Valid from: Thu Oct 20 08:00:00 CST 2016 until: Sun Oct 21 07:59:59 CST 2018
Certificate fingerprints:
MD5: 40:7B:9B:B8:79:3E:3C:A2:2D:2B:5C:E7:4E:2F:63:73
SHA1: 95:5C:77:52:EB:D7:6B:6E:FA:52:C4:C9:D5:61:22:DF:D3:F1:52:F1
Signature algorithm name: SHA256withRSA
Version: 3



Extensions:




#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]




#2: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false




#3: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://gn.symcd.com, 
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://gn.symcb.com/gn.crt]
]




#4: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.chainfin.com
  DNSName: chainfin.com
]




#5: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]




#6: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://gn.symcb.com/gn.crl]
]]




#7: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 33 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 65  .3https://www.ge
0010: 6F 74 72 75 73 74 2E 63   6F 6D 2F 72 65 73 6F 75  otrust.com/resou
0020: 72 63 65 73 2F 72 65 70   6F 73 69 74 6F 72 79 2F  rces/repository/
0030: 6C 65 67 61 6C                                     legal




], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 35 0C 33 68 74 74 70   73 3A 2F 2F 77 77 77 2E  05.3https://www.
0010: 67 65 6F 74 72 75 73 74   2E 63 6F 6D 2F 72 65 73  geotrust.com/res
0020: 6F 75 72 63 65 73 2F 72   65 70 6F 73 69 74 6F 72  ources/repositor
0030: 79 2F 6C 65 67 61 6C                               y/legal




]] ]
]




#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 6F F7 96 F4 85 3F 72   3C 30 7D 23 DA 85 78 9B  .o....?r<0.#..x.
0010: A3 7C 5A 7C                                        ..Z.
]




]




#9: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]




Trust this certificate? [no]: yes
Certificate was added to keystore
You have new mail in /var/spool/mail/ywadmin



    此时命令行会提示你输入cacerts证书库的密码,
    你敲入changeit就行了,这是java中cacerts证书库的默认密码,
    你自已也可以修改的。




 








		

		
posted @ 
2017-11-30 11:30 
91King 
阅读(651) 
评论(0) 
 
收藏 
举报