0
点赞
收藏
分享

微信扫一扫

jdk导入ssl证书(信任自签https证书)

勇敢乌龟 2022-03-12 阅读 168
httpssslhttp

前言

工作对接EMS,给的测试地址是https。
调接口的时候发现ssl证书认证不通过,就猜测是自签的证书了

1. 导出ssl证书


浏览器输入https链接,打开后提示证书不安全。
再打开地址栏左侧不安全按钮后点击证书无效

2. 添加至jdk信任证书

关键命令

bin/keytool -import -v -trustcacerts -alias ems-test -file /ems-test.cer -storepass changeit -keystore "lib/security/cacerts"

详细步骤

[root@jszwjs56ji /]# whereis java
java: /data/jdk1.8.0_201/bin/java /data/jdk1.8.0_201/jre/bin/java
[root@jszwjs56ji /]# cd /data/jdk1.8.0_201/jre/
[root@jszwjs56ji jre]# bin/keytool -import -v -trustcacerts -alias ems-test -file /ems-test.cer -storepass changeit -keystore "lib/security/cacerts"
Owner: CN=SafeLine Fallback Certificate
Issuer: CN=SafeLine Fallback Certificate
Serial number: 2d2f1cc3f9af24307146cf84d09100b5
Valid from: Mon Sep 13 22:37:48 CST 2021 until: Thu Sep 11 22:37:48 CST 2031
Certificate fingerprints:
         MD5:  0C:92:DA:1C:7D:9E:82:91:6B:5D:5D:72:22:2E:09:76
         SHA1: 5C:0E:D7:25:64:DA:29:4B:8E:A3:69:A2:FA:4C:EE:3E:AF:CB:DB:36
         SHA256: 93:D2:E7:8D:5B:83:C2:FF:D4:DD:7F:F1:6F:D0:06:CE:69:A4:EC:77:B7:02:88:59:CE:47:E8:86:07:F8:40:A0
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

Trust this certificate? [no]:  y
Certificate was added to keystore
[Storing lib/security/cacerts]

含义解释

  • keytool:jre自带工具
  • ems-test:自定义证书别名
  • /ems-test.cer:证书路径,我这里传到根路径了
  • changeit:默认密码
  • cacerts:将证书内容导入到此文件中

3. 其他操作

查看证书列表

bin/keytool -list -keystore "lib/security/cacerts" -storepass changeit

删除指定证书
输入默认密码:changeit

bin/keytool -delete -alias ems-test -keystore cacerts
举报

相关推荐

0 条评论