堆栈内存溢出
  简体   繁体   English

如何创建一个空的 Java 信任库?

[英]How to create an empty java trust store?

 原文  2016-06-23 14:18:48       java/ ssl/ truststore

问题描述

I want to make a https client in java which initially does not have any CA certs to trust.我想在 Java 中创建一个 https 客户端,它最初没有任何可信任的 CA 证书。 Since I don't want the JVM to use the default cacerts file I should make an empty trust store and point it to the JVM.由于我不希望 JVM 使用默认的 cacerts 文件,因此我应该创建一个空的信任存储并将其指向 JVM。
How can I make an empty trust store?我怎样才能建立一个空的信托商店?

4 个解决方案

解决方案1
 16 已采纳  2020-02-14 12:49:51

Using keytool, create a random key pair:使用 keytool,创建一个随机密钥对:

keytool -genkeypair -alias boguscert -storepass storePassword -keypass secretPassword -keystore emptyStore.keystore -dname "CN=Developer, OU=Department, O=Company, L=City, ST=State, C=CA"

then delete it然后删除它

keytool -delete -alias boguscert -storepass storePassword -keystore emptyStore.keystore

review its contents:查看其内容:

$ keytool -list -keystore emptyStore.keystore -storepass storePassword
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries

解决方案2
 8  2016-06-23 14:48:28

One possible solution I found is to import some random certificate into a newly created trust store with keytool import and then delete the imported certificate from it.我发现的一种可能的解决方案是使用keytool import将一些随机证书导入到新创建的信任库中,然后从中删除导入的证书。 This leaves you with an empty key/trust store.这会给您留下一个空的密钥/信任库。 Unfortunately the JVM is not happy with an empty trust store and throws an exception upon that.不幸的是,JVM 对空的信任存储并不满意,并在此基础上抛出异常。 So at least one certificate should be present there which could be any invalid or expired one in order to achieve the goal.因此,至少应存在一个证书,该证书可能是任何无效或过期的证书,以实现目标。

解决方案3
 4  2019-12-31 10:01:23

if someone eventually reaches here again:如果有人最终再次到达这里:

  public static void main (String[] args) {
    String storePassword = "storePassword";
    String storeName = "emptyStore.jks";
    String storeType = "jks";
    try (FileOutputStream fileOutputStream = new FileOutputStream(storeName)) {
      KeyStore keystore = KeyStore.getInstance(storeType);
      keystore.load(null, storePassword.toCharArray());
      keystore.store(fileOutputStream, storePassword.toCharArray());
    } catch (CertificateException | NoSuchAlgorithmException | IOException | KeyStoreException e) {
      e.printStackTrace();
  }

then check the content with keytool:然后用keytool检查内容:

$ keytool -list -keystore emptyStore.jks -storepass storePassword
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries

解决方案4
 1  2019-11-04 15:05:30

You may pass a null argument to KeyStore::load to create an empty keystore.您可以将空参数传递给KeyStore::load以创建一个空的密钥库。 See https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#load-java.io.InputStream-char:A-请参阅https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#load-java.io.InputStream-char:A-

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在java信任库中导入jks证书 - How to import a jks certificate in java trust store 我可以使用keytool创建没有密码的Java信任库吗? - Can I create a Java trust store without a password using keytool? Java7拒绝信任信任库中的证书 - Java7 Refusing to trust certificate in trust store java trust unix证书商店 - java trust unix certificate store 如何在Spring Java中将信任存储文件加载到以下代码 - How to load a trust store file to below code in Spring Java 如何将.cer公钥导入Java信任库? - How to import .cer public key into java trust store? 如何访问Java信任库证书 - How can I access java trust store certs 如何在jTDS连接URL中指定信任库和信任库密码? - how to specify trust store and trust store password in jTDS connection url? Java中与平台无关的信任库路径 - Platform-independent trust store path in Java 为什么 Java 运行时在 SSL 信任存储的工作方式以及我们如何处理它方面有如此大的不同? - Why does Java runtime differ so much in how SSL trust store works and how do we deal with it?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM