前言
工作对接EMS,给的测试地址是https。
调接口的时候发现ssl证书认证不通过,就猜测是自签的证书了
1. 导出ssl证书
浏览器输入https链接,打开后提示证书不安全。
再打开地址栏左侧不安全按钮后点击证书无效
2. 添加至jdk信任证书
关键命令
bin/keytool -import -v -trustcacerts -alias ems-test -file /ems-test.cer -storepass changeit -keystore "lib/security/cacerts"
详细步骤
[root@jszwjs56ji /]# whereis java
java: /data/jdk1.8.0_201/bin/java /data/jdk1.8.0_201/jre/bin/java
[root@jszwjs56ji /]# cd /data/jdk1.8.0_201/jre/
[root@jszwjs56ji jre]# bin/keytool -import -v -trustcacerts -alias ems-test -file /ems-test.cer -storepass changeit -keystore "lib/security/cacerts"
Owner: CN=SafeLine Fallback Certificate
Issuer: CN=SafeLine Fallback Certificate
Serial number: 2d2f1cc3f9af24307146cf84d09100b5
Valid from: Mon Sep 13 22:37:48 CST 2021 until: Thu Sep 11 22:37:48 CST 2031
Certificate fingerprints:
MD5: 0C:92:DA:1C:7D:9E:82:91:6B:5D:5D:72:22:2E:09:76
SHA1: 5C:0E:D7:25:64:DA:29:4B:8E:A3:69:A2:FA:4C:EE:3E:AF:CB:DB:36
SHA256: 93:D2:E7:8D:5B:83:C2:FF:D4:DD:7F:F1:6F:D0:06:CE:69:A4:EC:77:B7:02:88:59:CE:47:E8:86:07:F8:40:A0
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
Trust this certificate? [no]: y
Certificate was added to keystore
[Storing lib/security/cacerts]
含义解释
- keytool:jre自带工具
- ems-test:自定义证书别名
- /ems-test.cer:证书路径,我这里传到根路径了
- changeit:默认密码
- cacerts:将证书内容导入到此文件中
3. 其他操作
查看证书列表
bin/keytool -list -keystore "lib/security/cacerts" -storepass changeit
删除指定证书
输入默认密码:changeit
bin/keytool -delete -alias ems-test -keystore cacerts