在 java 1.8中导入CFCA根证书
CFCA EV ROOT证书是中国金融认证中心(CFCA)颁发的扩展验证(EV)根证书.常用于银行、证券、保险等金融行业的SSL证书签发
#查看java 1.8 内置的证书,默认没有 CFCA
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | grep jdk | awk '{print $1}'
# 查看是否有后导入的证书
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | grep -v "jdk"
#备份原始的cacerts文件
cp $JAVA_HOME/jre/lib/security/cacerts $JAVA_HOME/jre/lib/security/cacerts.backup.$(date +%Y%m%d)
#导入CFCA EV ROOT证书到Java证书库
keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot -file /path/to/cfca_ev_root.crt
#如果提示证书已存在,可以先删除旧的再导入
keytool -delete -alias cfcaevroot -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
#查看根证书(已成功导入)
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | grep -i cfca
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | sort
#查看证书信息
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot | grep -E "Alias|Owner"
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot | grep -A2 "Alias name:"
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot | grep -E "Alias|Valid|SHA1|Owner|Issuer"
#查看用户导入的证书(排除jdk开头的)
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | grep -v "jdk"
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit | grep -v "jdk" | awk -F, '{print $1}'
#查看证书指纹
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias cfcaevroot | grep -E "SHA1|SHA256|MD5"
# 测试连接到使用CFCA证书的网站
curl -v https://example-with-cfca-cert.com 2>&1 | grep -i "certificate"
重启Java应用,重新加载证书库