我正在尝试将可信证书导入到Java cacerts keystore中,但是我遇到了问题。我试图列出现有的受信任证书,但似乎密钥库没有密码保护。
$ keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 76 entries
我尝试导入受信任的证书:
$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
我还尝试将密码从“无”更改为某些内容:
$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
这意味着cacerts密钥库不受密码保护
这是一个错误的假设。如果您仔细阅读,则会发现该清单是在未验证密钥库完整性的情况下提供的,因为您没有提供密码。该列表不需要密码,但是您的密钥库肯定有密码,如:
为了验证其完整性,您必须提供密钥库密码。
Java的默认cacerts密码为“ changeit”,除非您使用的是Mac,在特定情况下为“ changeme”。显然,从Mountain Lion(基于注释和此处的另一个答案)开始,Mac的密码现在也变成了“ changeit”,这可能是因为Oracle现在也在处理Mac JVM的分发。
默认情况下,密钥库的密码是:“ changeit”。我执行了您在此处输入的用于导入证书的命令。希望您已经解决了您的问题。
Mac Mountain Lion现在使用Oracle时具有相同的密码。