[英]How do I specify the keystore type on the command line?
In the java.security file, you can specify the keystore.type value. 在java.security文件中,可以指定keystore.type值。 However, that looks like it changes the default keystore type for all JVM instances. 但是,这似乎更改了所有JVM实例的默认密钥库类型。 I just want to change it for one instance. 我只想更改一个实例。
Currently, it is set to "jks", but I need it to be "jceks". 当前,它设置为“ jks”,但我需要将其设置为“ jceks”。 I tried -Djava.security.keystore.type=jceks
but that doesn't seem to do what I want it to do. 我尝试了-Djava.security.keystore.type=jceks
但这似乎并没有达到我想要的目的。
What's the right way to do this? 什么是正确的方法?
-Dname=value
sets a system property; -Dname=value
设置系统属性; the settings in java.security
are security properties not system properties , and cannot be directly set on command line. java.security
中的设置是安全属性 ,而不是系统属性 ,并且不能直接在命令行上设置。 You can create a supplementary (or replacement) file and specify that with a sysprop -Djava.security.properties=name_of_file_containing_keystore_setting
as long as you (or anyone else) did not change the default setting of security.overridePropertiesFile=true
in java.security
. 您可以创建一个补充(或替换) 文件,并使用sysprop -Djava.security.properties=name_of_file_containing_keystore_setting
contains_keystore_setting进行指定,只要您(或其他任何人)未更改java.security
的security.overridePropertiesFile=true
缺省设置即可。 Similar: How can I disable TLSv1 without change source code? 类似: 如何在不更改源代码的情况下禁用TLSv1? . 。
Note that if you only need to change the type of the truststore and/or keystore used by JSSE for SSL/TLS/HTTPS/etc by default, those do use sysprops javax.net.ssl.{trust,key}StoreType
(along with {trust,key}Store{,Password}
). 请注意,如果默认情况下您只需要更改JSSE用于SSL / TLS / HTTPS / etc的信任库和/或密钥库的类型,则它们确实使用sysprops javax.net.ssl.{trust,key}StoreType
(以及{trust,key}Store{,Password}
)。
Also you might want to be aware that Java9 up changes the as-installed default to PKCS12, which is both more secure and more portable/interoperable than JKS. 另外,您可能还想知道Java9 up将安装时的默认值更改为PKCS12,它比JKS更安全,更可移植/可互操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.