堆栈内存溢出
  简体   繁体   English

如何找出我的JVM使用的密钥库?

[英]How do I find out what keystore my JVM is using?

 原文  2012-01-24 00:00:44    10    java/ jvm/ keytool

问题描述

I need to import a certificate into my JVM keystore. 我需要将证书导入我的JVM密钥库。 I am using the following: 我使用以下内容: 

keytool -import -alias daldap -file somecert.cer

so I would need to probably change my call into something like: 所以我需要将我的调用改为: 

keytool -import -alias daldap -file somecert.cer -keystore cacerts –storepass changeit

10 个解决方案

解决方案1
 114  2012-01-24 00:14:21

Your keystore will be in your JAVA_HOME---> JRE -->lib---> security--> cacerts . 你的密钥库将在你的JAVA_HOME---> JRE -->lib---> security--> cacerts You need to check where your JAVA_HOME is configured, possibly one of these places, 您需要检查JAVA_HOME的配置位置,可能是其中一个位置,

  1. Computer--->Advanced --> Environment variables---> JAVA_HOME 计算机--->高级 - >环境变量---> JAVA_HOME

  2. Your server startup batch files. 您的服务器启动批文件。

In your import command -keystore cacerts (give full path to the above JRE here instead of just saying cacerts). 在你的import命令-keystore cacerts中(在这里提供上述JRE的完整路径,而不仅仅是说cacerts)。

解决方案2
 31  2012-01-24 00:17:55

Keystore Location 密钥库位置

Each keytool command has a -keystore option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. 每个keytool命令都有一个-keystore选项,用于指定由keytool管理的密钥库的持久密钥库文件的名称和位置。 The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the "user.home" system property. 密钥库默认存储在用户主目录中名为.keystore的文件中,由“user.home”系统属性确定。 Given user name uName, the "user.home" property value defaults to 给定用户名uName,“user.home”属性值默认为 

C:\Users\uName on Windows 7 systems
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems

Thus, if the user name is "cathy", "user.home" defaults to 因此,如果用户名是“cathy”,则“user.home”默认为 

C:\Users\cathy on Windows 7 systems
C:\Winnt\Profiles\cathy on multi-user Windows NT systems
C:\Windows\Profiles\cathy on multi-user Windows 95 systems

http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html http://docs.oracle.com/javase/1.5/docs/tooldocs/windows/keytool.html

解决方案3
 25  2016-11-02 00:25:10

Mac OS X 10.12 with Java 1.8: 使用Java 1.8的Mac OS X 10.12:

$JAVA_HOME/jre/lib/security $ JAVA_HOME / JRE / lib / security中 

cd $JAVA_HOME

/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home /Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home

From there it's in: 从那里开始: 

./jre/lib/security

I have a cacerts keystore in there. 我有一个cacerts密钥库。

To specify this as a VM option: 要将其指定为VM选项: 

-Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit

I'm not saying this is the correct way (Why doesn't java know to look within JAVA_HOME?), but this is what I had to do to get it working. 我不是说这是正确的方法(为什么java不知道在JAVA_HOME中查看?),但这是我必须要做的才能让它工作。

解决方案4
 15  2013-11-11 03:35:23

You can find it in your "Home" directory: 您可以在“主页”目录中找到它:

On Windows 7: 在Windows 7上: 

C:\Users\<YOUR_ACCOUNT>\.keystore

On Linux (Ubuntu): 在Linux(Ubuntu)上: 

/home/<YOUR_ACCOUNT>/.keystore

解决方案5
 13  2012-12-05 14:41:15

This works for me: 这对我有用: 

#! /bin/bash

CACERTS=$(readlink -e $(dirname $(readlink -e $(which keytool)))/../lib/security/cacerts)

if keytool -list -keystore $CACERTS -storepass changeit > /dev/null ; then
    echo $CACERTS
else
    echo 'Can not find cacerts file.' >&2
    exit 1
fi

Only for Linux. 仅适用于Linux。 My Solaris has no readlink. 我的Solaris没有readlink。 In the end I used this Perl-Script: 最后我使用了这个Perl-Script: 

#! /usr/bin/env perl
use strict;
use warnings;
use Cwd qw(realpath);
$_ = realpath((grep {-x && -f} map {"$_/keytool"} split(':', $ENV{PATH}))[0]);
die "Can not find keytool" unless defined $_;
my $keytool = $_;
print "Using '$keytool'.\n";
s/keytool$//;
$_ = realpath($_ . '../lib/security/cacerts');
die "Can not find cacerts" unless -f $_;
my $cacerts = $_;
print "Importing into '$cacerts'.\n";
`$keytool -list -keystore "$cacerts" -storepass changeit`;
die "Can not read key container" unless $? == 0;
exit if $ARGV[0] eq '-d';
foreach (@ARGV) {
    my $cert = $_;
    s/\.[^.]+$//;
    my $alias = $_;
    print "Importing '$cert' as '$alias'.\n";
    `keytool -importcert -file "$cert" -alias "$alias" -keystore "$cacerts" -storepass changeit`;
    warn "Can not import certificate: $?" unless $? == 0;
}

解决方案6
 6  2012-07-05 17:50:36

As DimtryB mentioned, by default the keystore is under the user directory. 正如DimtryB所提到的,默认情况下,密钥库位于用户目录下。 But if you are trying to update the cacerts file, so that the JVM can pick the keys, then you will have to update the cacerts file under jre/lib/security . 但是如果您正在尝试更新cacerts文件,以便JVM可以选择密钥,那么您将不得不更新jre/lib/security下的cacerts文件。 You can also view the keys by executing the command keytool -list -keystore cacerts to see if your certificate is added. 您还可以通过执行命令keytool -list -keystore cacerts来查看密钥,以查看是否添加了证书。

解决方案7
 1  2019-04-25 01:27:07

On Debian, using openjdk version "1.8.0_212", I found cacerts here: 在Debian上,使用openjdk版本“1.8.0_212”,我在这里找到了cacerts: 

 /etc/ssl/certs/java/cacerts

Sure would be handy if there was a standard command that would print out this path. 如果有一个打印出这条路径的标准命令,肯定会很方便。

解决方案8
 0  2015-10-26 13:06:28

We encountered this issue on a Tomcat running from a jre directory that was (almost fully) removed after an automatic jre update, so that the running jre could no longer find jre.../lib/security/cacerts because it no longer existed. 我们在从自动jre更新后(几乎完全)删除的jre目录运行的Tomcat上遇到此问题,因此运行的jre无法再找到jre ... / lib / security / cacerts,因为它已不存在。

Restarting Tomcat (after changing the configuration to run from the different jre location) fixed the problem. 重新启动Tomcat(在将配置更改为从不同的jre位置运行之后)修复了问题。

解决方案9
 0  2019-03-04 21:17:31

In addition to all answers above: 除了以上所有答案:

If updating the cacerts file in JRE directory doesn't help, try to update it in JDK. 如果更新JRE目录中的cacerts文件没有帮助,请尝试在JDK中更新它。

C:\\Program Files\\Java\\jdk1.8.0_192\\jre\\lib\\security C:\\ Program Files \\ Java \\ jdk1.8.0_192 \\ jre \\ lib \\ security

解决方案10
 -1  2019-08-28 08:48:56

对于使用官方OpenJDK 12 Docker镜像的我来说,Java密钥库的位置是: 

/usr/java/openjdk-12/lib/security/cacerts

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何找出我的 JVM 支持什么算法 [加密]? - How to find out what algorithm [ encryption ] are supported by my JVM? 如何找出JVM应用于我的代码的优化? - How to find out what optimizations the JVM applied to my code? 如何在运行时找出我的JVM中配置了什么垃圾收集算法? - How can I find out at runtime what garbage collection algorithm is configured in my JVM? 当垃圾收集期间JVM崩溃(段错误)时,如何找出收集的内容? - When a JVM crashes (segfaults) during garbage collection, how can I find out what was being collected? 如何找出源代码中包含哪些测试用例,并可以对其进行分类? - How do I find out what testcases are in my source code and can I categorize them? 在 Java 中,我如何找出我的资源包可用的语言 - In Java how do I find out what languages I have available my Resource Bundle 我如何找出JVM为什么忽略Linux上的kill -15(SIGTERM)? - How do I find out why JVM ignores kill -15 (SIGTERM) on linux? 如何使用 keytools 将我的 VPS SSL 证书导入到我的码头密钥库中? - How do I import my VPS SSL certificate into my jetty keystore using keytools? 在 Java 中,如何找出最大堆大小? - In Java, how do I find out what is my maximum heap size? 如何找到创建我的 JVM 的特定 java.exe 的位置? - How do I find the location of the specific java.exe that my JVM was created by?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM