Multiple entries after storing one single certificate into my Java keystore

淺唱寂寞╮ submitted on 2019-12-12 02:44:56

Question


I'm using the class InstallCert to import a VMware vCenter certificate into my local Java keystore.

The line socket.startHandshake() returns an UnsupportedOperationException, but the class SavingTrustManager still has downloaded the certificate successfully.

Then I store the downloaded certificate into my local keystore by using the following snippet.

KeyStore jks;
// ... (keystore setup elided in the original post)
jks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacert");
jks.store(out, passphrase);
out.close();

But when I try to list all the entries in the keystore: keytool -list -keystore jssecacerts -v, it shows that there are 160 entries including the one that I have downloaded.

I'm pretty sure that the keystore is generated by my code, and it is supposed to be initially empty. I'd like to know where the other 159 entries come from.

Thanks.


Answer 1:


Use KeyStoreExplorer for comparing both truststores: jssecacerts generated by the InstallCert class, and the cacerts file located in your Java>jre>security>lib.

InstallCert takes the certificate from the server and creates a copy of the truststore of the JVM you are using. Then it adds the certificate to the copy of your truststore, and names it "jssecacerts". Check this piece of code:

File file = new File("jssecacerts");
if (file.isFile() == false) {
    char SEP = File.separatorChar;
    File dir = new File(System.getProperty("java.home") + SEP
            + "lib" + SEP + "security");
    file = new File(dir, "jssecacerts");
    if (file.isFile() == false) {
        file = new File(dir, "cacerts");
    }
}

You then just need to rename jssecacerts to cacerts and replace the original one on your JVM.
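
The behaviour described in the answer above, as an added example that is not part of the original post or of the InstallCert source: it contrasts a keystore seeded from the JVM's cacerts with one initialised empty via load(null, null), then adds the same certificate to each. The class name, the alias demo-server-1, the default "changeit" cacerts password, and the use of a CA certificate borrowed from cacerts as a stand-in for the downloaded server certificate are assumptions made for the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class TrustStoreSeedDemo {
    public static void main(String[] args) throws Exception {
        char[] passphrase = "changeit".toCharArray(); // assumed stock cacerts password
        // The fallback file the quoted InstallCert code resolves to.
        File cacerts = new File(System.getProperty("java.home"),
                "lib" + File.separator + "security" + File.separator + "cacerts");

        // Variant A: keystore seeded from the JVM truststore, as InstallCert does.
        KeyStore seeded = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(cacerts)) {
            seeded.load(in, passphrase);
        }
        int before = seeded.size();

        // Constructed sample: borrow one CA certificate as a stand-in for the server cert.
        Certificate cert = null;
        for (String a : Collections.list(seeded.aliases())) {
            if (seeded.isCertificateEntry(a)) { cert = seeded.getCertificate(a); break; }
        }
        if (cert == null) throw new IllegalStateException("no certificates in " + cacerts);

        seeded.setCertificateEntry("demo-server-1", cert); // hypothetical alias
        System.out.println("seeded from cacerts: " + before + " -> " + seeded.size());

        // Variant B: load(null, null) creates a keystore with no entries.
        KeyStore single = KeyStore.getInstance(KeyStore.getDefaultType());
        single.load(null, null);
        single.setCertificateEntry("demo-server-1", cert);
        System.out.println("started empty: " + single.size());

        // Persist variant B so it can be inspected with keytool -list.
        File out = File.createTempFile("single-cert", ".ks");
        try (OutputStream os = new FileOutputStream(out)) {
            single.store(os, passphrase);
        }
        System.out.println("wrote " + out + " (type " + single.getType() + ")");
    }
}
```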



Source: https://stackoverflow.com/questions/35036327/multiple-entries-after-storing-one-single-certificate-into-my-java-keystore
