Can we export certificates from JRE's "cacerts" file and import it to higher JRE version?

huangapple go评论81阅读模式
英文:

Can we export certificates from JRE's "cacerts" file and import it to higher JRE version?

问题

我正在使用 JRE 8u211。我在 cacerts 中添加了一些证书。但是当我将 JRE 升级到 8u261 时,这些证书没有被导入。因此现在我希望能够通过别名编程方式从 8u211 的 cacerts 文件中导出所需的证书,然后将这些证书导入到 8u261 的 cacerts 文件中。

这种操作是否可行或受支持?

提前感谢。

英文:

I am using a JRE 8u211. And i have few certificates added in cacerts. But when I upgrade JRE to 8u261, those certificates are not getting imported. So now i want to programmatically export the required certificates from cacerts file of 8u211 using the alias names and then import those certificates to the cacerts file of 8u261.

Is this even possible or supported?

Thanks in advance.

答案1

得分: 4

证书只是一种数据。您绝对可以将其导出到文件,然后将该数据导入到其他文件中。

如果您只想将一个信任存储库文件的数据导入另一个文件,您可以直接使用缓冲区,而无需将数据存储到中间文件中:

keytool.exe -importkeystore -srckeystore %JAVA_HOME%\lib\security\cacerts -destkeystore \your\file\path\filename
            -deststoretype jks
            -srcstorepass changeit -deststorepass changeit
            -v -noprompt

但是,您也可以逐个执行这两个操作:

  1. 导出证书:

    keytool -export -alias alias_name -keystore path_to_keystore_file -rfc -file path_to_certificate_file
    
  2. 导入证书:

    keytool -importcert -alias alias_name -file path_to_certificate_file -keystore truststore_file
    

有关详细信息,请阅读此处此处此处

英文:

Certificate is just a data. You definitely can export it to the file, and import that data into some other file.

If you just want to import one truststore file's data into another, you can directly make use of buffer without storing data into an intermediary file:

keytool.exe -importkeystore -srckeystore %JAVA_HOME%\lib\security\cacerts -destkeystore \your\file\path\filename
            -deststoretype jks
            -srcstorepass changeit -deststorepass changeit
            -v -noprompt

However, you can also do these two operations one by one:

  1. To export the certificate:

    keytool -export -alias alias_name -keystore path_to_keystore_file -rfc -file path_to_certificate_file
    
  2. To import the certificate:

    keytool -importcert -alias alias_name -file path_to_certificate_file -keystore truststore_file
    

More on this can be read here, here and here.

huangapple
  • 本文由 发表于 2020年10月15日 16:17:28
  • 转载请务必保留本文链接:https://go.coder-hub.com/64367491.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定