堆栈内存溢出
  简体   繁体   English

如何在命令行上指定密钥库类型?

[英]How do I specify the keystore type on the command line?

 原文  2018-09-24 14:56:00       java/ keystore

问题描述

In the java.security file, you can specify the keystore.type value. 在java.security文件中,可以指定keystore.type值。 However, that looks like it changes the default keystore type for all JVM instances. 但是,这似乎更改了所有JVM实例的默认密钥库类型。 I just want to change it for one instance. 我只想更改一个实例。

Currently, it is set to "jks", but I need it to be "jceks". 当前,它设置为“ jks”,但我需要将其设置为“ jceks”。 I tried -Djava.security.keystore.type=jceks but that doesn't seem to do what I want it to do. 我尝试了-Djava.security.keystore.type=jceks但这似乎并没有达到我想要的目的。

What's the right way to do this? 什么是正确的方法?

1 个解决方案

解决方案1
 1 已采纳  2018-09-24 18:29:04

-Dname=value sets a system property; -Dname=value设置系统属性; the settings in java.security are security properties not system properties , and cannot be directly set on command line. java.security中的设置是安全属性 ,而不是系统属性 ,并且不能直接在命令行上设置。 You can create a supplementary (or replacement) file and specify that with a sysprop -Djava.security.properties=name_of_file_containing_keystore_setting as long as you (or anyone else) did not change the default setting of security.overridePropertiesFile=true in java.security . 可以创建一个补充(或替换) 文件,并使用sysprop -Djava.security.properties=name_of_file_containing_keystore_setting contains_keystore_setting进行指定,只要您(或其他任何人)未更改java.securitysecurity.overridePropertiesFile=true缺省设置即可。 Similar: How can I disable TLSv1 without change source code? 类似: 如何在不更改源代码的情况下禁用TLSv1? .

Note that if you only need to change the type of the truststore and/or keystore used by JSSE for SSL/TLS/HTTPS/etc by default, those do use sysprops javax.net.ssl.{trust,key}StoreType (along with {trust,key}Store{,Password} ). 请注意,如果默认情况下您只需要更改JSSE用于SSL / TLS / HTTPS / etc的信任库和/或密钥库的类型,则它们确实使用sysprops javax.net.ssl.{trust,key}StoreType (以及{trust,key}Store{,Password} )。

Also you might want to be aware that Java9 up changes the as-installed default to PKCS12, which is both more secure and more portable/interoperable than JKS. 另外,您可能还想知道Java9 up将安装时的默认值更改为PKCS12,它比JKS更安全,更可移植/可互操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从命令行在类路径中指定mysql jar? - How do I specify the mysql jar in the classpath from the command line? 如何在 Windows 命令行中为 Android Studio 生成密钥库签名的 a.jpk 签名文件? - How do I generate a .jpk signature file for keystore signing for Android Studio in Windows Command Line? 如何指定用于打开Mac OSX的Java System.exec()文档的命令行? - How do I specify a command line to open a document for Java System.exec() for Mac OSX? 如何在 spring application.properties 中指定我的 ssl 密钥库文件的本地文件路径? - How do I specify local file path to my ssl keystore file in spring application.properties? 如何指定正确的返回类型? - How do I specify the correct return type? 如何在不使用命令行工具的情况下从现有的证书和密钥集中创建Java KeyStore? - How can I create a Java KeyStore from an existing set of certificates and keys without using command line tools? 如何从命令行显示Java密钥库SecretKeyEntry - How to display Java keystore SecretKeyEntry from command line 如何解决错误:无法加载密钥库类型 [PKCS12] - How do I solve the error: Failed to load keystore type [PKCS12 ] 如何克隆Java密钥库实例? - How do I clone a java keystore instance? 如何存储Java KeyStore密码? - How do I store a Java KeyStore password?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM