14

我有一个 Java 应用程序访问使用 StartCom SSL 证书的服务。为此,我需要将 StartCom CA 证书添加到 Java 的信任库中,因为默认情况下它们还不存在。我已经使用这些命令在 linux 上成功完成了

sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt
sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt

(从这个脚本

但是,相同的命令(经过适当调整)在 Windows 上不起作用。我得到:

keytool error: java.lang.RuntimeException: Usage error, trustcacerts is not a legal command

如何让它发挥作用?

4

4 回答 4

5

这是一个简单的错字。在转换命令时,我忘记了“trustcacerts”之前的破折号。:(

于 2010-11-29T12:08:53.937 回答
2

在 Mac OS X Mavericks 10.9 上,我这样做了:

我总是创建一个稍后删除的 tmp 目录,但您不必:

mkdir ~/tmp
cd ~/tmp

然后下载证书:

curl http://www.startssl.com/certs/ca.crt -O
curl http://www.startssl.com/certs/sub.class1.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class2.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class3.server.ca.crt -O
curl http://www.startssl.com/certs/sub.class4.server.ca.crt -O

让您的 Java 回家:

$ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home

使用 keytool 安装它:

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca -file ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit -noprompt -alias startcom.ca.sub.class1 -file sub.class1.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class2 -file sub.class2.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class3 -file sub.class3.server.ca.crt

sudo keytool -import -trustcacerts -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre/lib/securitycacerts -storepass changeit -noprompt -alias startcom.ca.sub.class4 -file sub.class4.server.ca.crt
于 2014-01-07T20:06:40.547 回答
0

删除 -trustcacerts

于 2010-11-29T10:13:48.687 回答
0

是的,-trustcacerts是正确的语法。

但是要使链接脚本在 Cygwin 下工作,您需要sudo从所有keytool行中删除 -sudo在 Cygwin 中不可用。

于 2012-06-01T10:53:31.047 回答