将 Windows 证书导入 Java

2022-01-25 00:00:00 ssl certificate java truststore

我有一个 java 服务器正在尝试通过 SSL 连接到外部 Ldap 服务器(作为客户端以执行查询).

我在连接时遇到问题,因为他们在连接时发送给我的证书仅在我的本地 Windows 信任库中受信任,但在 java 信任库 (cacerts) 中不存在.

有没有办法告诉 Java 信任 Windows 可以信任的任何证书?

或者,有没有办法将所有受信任的证书从 windows 信任库导入到 Java 的 cacerts?

任何想法将不胜感激.

解决方案

有没有办法告诉 Java 信任 Windows 可以信任的任何证书?

请查看@synoly 的回答

JVM 默认位于 jre/lib/security/cacerts.您也可以设置自己的信任库:

System.setProperty(javax.net.ssl.trustStore",path_to_your_trustore_jks_file);System.setProperty(javax.net.ssl.trustStorePassword",password");

<块引用>

有没有办法将所有受信任的证书从 windows 信任库导入到 Java 的 cacerts 中?

没有任何自动过程,但您可以构建一个程序来从 Windows 证书存储中提取受信任的权限并导入配置为在您的应用程序中使用的信任存储(不建议修改 cacerts)

//读取Windows信任库KeyStore ks = KeyStore.getInstance("Windows-ROOT");ks.load(null, null) ;

I have a java server that is trying to connect to an external Ldap server through SSL (as a client in order to perform queries).

I'm having trouble connecting since the certificate they send me upon connecting is trusted only in my local windows Truststore but is not present in java truststore (cacerts).

Is there a way to tell Java to trust any certificate that windows would have trust?

Or, alternatively, is there a way to import all trusted certificates from windows truststore to Java's cacerts?

Any idea would be appreciated.

解决方案

Is there a way to tell Java to trust any certificate that windows would have trust?

Please check @synoly's answer

The JVM default is located at jre/lib/security/cacerts. You can set also your own truststore:

System.setProperty ("javax.net.ssl.trustStore", path_to_your_trustore_jks_file);
System.setProperty ("javax.net.ssl.trustStorePassword", "password");

is there a way to import all trusted certificates from windows truststore to Java's cacerts?

There is no any automatic process, but you could build a program to extract trusted authorities from windows certificate store and import into a truststore configured to use in your application (modifying cacerts is not recommended)

//Read Windows truststore
KeyStore ks = KeyStore.getInstance("Windows-ROOT");
ks.load(null, null) ;

相关文章