How to view and edit cacerts file?
Using RAD 8.5 with WAS 8.5 runtime, I am getting an exception on my console: The keystore located at «C:\IBM\Websphere85\jdk\jre\lib\security\cacerts» failed to load due to the following error: DerInputStream.getLength(): lengthTag=109, too big.. After searching for the error I got this link which suggests to edit the file and remove blank lines/extra characters. How do I edit the file? I am on a Windows environment and the file seems to be base64 encoded.
According to that same link, it’s not a problem with the Base64 encoding itself but rather with extra blank lines or visible data after the end. «Base64» contains just plain ASCII text (per its definition) and so you can use Notepad or any other plain text editor.
@Jongware: Notepad did not seem to be a good editor for doing that. I had to open it up in Wordpad but still I am not able to read it due to encoding and so there is no way to verify if I have made good edits. Well, it did not work though.
Unfortunately, you are not helping us to help you. 1. Actually your question is OT for SO unless this is a specific problem with code you wrote; 2. My suggestion is based on your own assertion the file you are talking about is the same type as in your link; 3. Editing a plain Base64 file ought to be possible using Notepad, and if this wasn’t possible, then it’s not a file of the type you think it is, or it is not the same error you think it is.
@Jongware: Please let me elaborate. In the Notepad, I do not see any blank lines (whole file appears as a big block of text) whereas in the Wordpad I am able to see blank lines. But removing blank lines using Wordpad has not helped me so far. And the text I see in Wordpad is partly plain text (ASCII) and partly encoded [1]. I am interested in knowing if there is a specific editor that can show me the file in «All in Plain Text» format (like it is displayed using the keytool utility) so I know that I am not messing up the file or changing its contents by mistake.
[1] Regarding the encoding, as the link says to remove Base64-encoded text certificates; I assumed that might be the case. As far as I know, the certificates are usually DER-encoded. Since cacerts is without any extension I am not sure about its encoding. This is all I know. Any help is appreciated!
As far as the original question, you can use the keytool command to view and edit a keystore like cacerts.
To view all keys in the keystore, use keytool -list:
$ keytool -list -keystore ${keystore.file}
where ${keystore.file} is the path to the cacerts file, in your case C:\IBM\Websphere85\jdk\jre\lib\security\cacerts.
To remove a specific key, use keytool -delete:
$ keytool -delete -alias ${cert.alias} -keystore ${keystore.file}
where ${cert.alias} is an existing key alias from the above -list command. *
To add a new key that was already generated elsewhere, use keytool -importcert:
$ keytool -importcert -alias ${cert.alias} -keystore ${keystore.file} -file ${cert.file}
where ${cert.file} is the path to an existing certificate or certificate chain.
Note that with each of these commands, you will be prompted for the keystore password which you can instead specify with the -storepass option. For example:
$ keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}
* The ${cert.alias} is the left-most value in the lines outputted from keytool -list.
For example, if this is the output from keytool -list:
$ keytool -list -keystore ./cacerts
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
verisignclass1ca, Jun 29, 1998, trustedCertEntry,
Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignserverca, Jun 29, 1998, trustedCertEntry,
Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
then verisignclass1ca and verisignserverca are aliases you can specify to delete.
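The lengthTag=109 in the question's error is what DER length parsing yields for the byte 0xED (0xED & 0x7F = 109), the second byte of the JKS magic number 0xFEEDFEED, so it appears when a binary JKS file is handed to a parser expecting DER/PKCS12 data. The following is an added example, not code from the original posts (class and method names are hypothetical): it identifies a keystore's format from its first bytes and repeats that length calculation on a JKS keystore built in memory.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class KeystoreFormatSniffer {

    /** Classify keystore bytes by their leading magic number. */
    static String sniff(byte[] b) {
        if (b.length < 4) return "too short to identify";
        int magic = ((b[0] & 0xFF) << 24) | ((b[1] & 0xFF) << 16)
                  | ((b[2] & 0xFF) << 8) | (b[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if (magic == 0x2D2D2D2D) return "PEM text (-----BEGIN ...)";
        if (b[0] == 0x30) return "DER (PKCS12 or a bare certificate)";
        return "unknown";
    }

    /**
     * What a DER reader concludes when it treats the second byte as a length octet.
     * In the long form the low 7 bits count the length bytes that follow; more
     * than 4 cannot fit in an int and is rejected as "too big".
     */
    static String derLengthDiagnosis(byte[] b) {
        if (b.length < 2) return "no length octet";
        int len = b[1] & 0xFF;
        if ((len & 0x80) == 0) return "short-form length " + len;
        int count = len & 0x7F;
        if (count == 0) return "indefinite length";
        return count > 4 ? "lengthTag=" + count + ", too big"
                         : "long-form length using " + count + " bytes";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS keystore written to memory.
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        jks.store(out, "changeit".toCharArray());
        byte[] jksBytes = out.toByteArray();

        // Constructed sample: the first bytes of a PEM certificate file.
        byte[] pemBytes = "-----BEGIN CERTIFICATE-----\n".getBytes(StandardCharsets.US_ASCII);

        System.out.println(sniff(jksBytes) + " -> " + derLengthDiagnosis(jksBytes));
        System.out.println(sniff(pemBytes) + " -> " + derLengthDiagnosis(pemBytes));
    }
}
```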
How to view and edit cacerts file in Java?
The cacerts file in Java is a keystore file containing trusted certificate authorities (CA) used to verify the identity of remote servers. In some cases, it may be necessary to view and edit the contents of the cacerts file, for example to add a custom CA or to remove a CA that is no longer trusted. This question covers the methods to view and edit the cacerts file in Java.
Method 1: Using Keytool
You can view and edit the cacerts file in Java using Keytool. Here are the steps to do it:
- Open the command prompt or terminal window.
- Navigate to the Java bin directory.
- Run the following command to view the content of the cacerts file:
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
keytool -importcert -alias myalias -file mycert.cer -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
That’s it! You now know how to view and edit the cacerts file in Java using Keytool.
Method 2: Using Third-Party Keystore Explorer
- Download and install the Third-Party Keystore Explorer from the official website.
- Open the Keystore Explorer and click on «File» -> «Open».
- Navigate to the Java installation directory and select the «cacerts» file. The default location is «C:\Program Files\Java\jre[version]\lib\security\cacerts».
- Enter the password for the cacerts file. The default password is «changeit».
- Once the cacerts file is opened, you can view the certificates by expanding the «cacerts» entry in the left-hand pane.
- To edit a certificate, right-click on it and select «Edit Certificate».
- In the «Certificate Editor» window, you can modify the certificate details and click «OK» to save the changes.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class CacertsViewer {
    public static void main(String[] args) throws Exception {
        String cacertsPath = "C:\\Program Files\\Java\\jre8\\lib\\security\\cacerts";
        String cacertsPassword = "changeit";
        String alias = "mycert";

        // Load the cacerts file; try-with-resources closes the stream afterwards
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(cacertsPath)) {
            ks.load(in, cacertsPassword.toCharArray());
        }

        // Get the certificate by alias; getCertificate returns null for an unknown alias
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            System.err.println("No certificate found for alias: " + alias);
            return;
        }

        // Print the certificate details
        System.out.println("Certificate: " + cert.getSubjectX500Principal());
        System.out.println("Issuer: " + cert.getIssuerX500Principal());
        System.out.println("Serial number: " + cert.getSerialNumber());
        System.out.println("Valid from: " + cert.getNotBefore());
        System.out.println("Valid until: " + cert.getNotAfter());
    }
}
This code loads the cacerts file, retrieves a certificate by alias, and prints its details. You can modify the certificate details and save the changes using the Third-Party Keystore Explorer as described above.
Method 3: Direct Editing of the cacerts File
To directly edit the cacerts file in Java, follow these steps:
- Locate the cacerts file. This file is usually located in the $JAVA_HOME/jre/lib/security directory.
- Make a backup copy of the cacerts file before making any changes.
- Open a terminal or command prompt and navigate to the directory where the cacerts file is located.
- Use the keytool command to view the contents of the cacerts file:
keytool -list -v -keystore cacerts
keytool -import -trustcacerts -alias mycert -file mycert.crt -keystore cacerts
keytool -delete -alias mycert -keystore cacerts
Here is an example of how to add a certificate to the cacerts file:
keytool -import -trustcacerts -alias mycert -file mycert.crt -keystore cacerts
This command will import the certificate in the mycert.crt file into the cacerts file with the alias «mycert».
Here is an example of how to delete a certificate from the cacerts file:
keytool -delete -alias mycert -keystore cacerts
This command will delete the certificate with the alias «mycert» from the cacerts file.
That’s it! You now know how to view and edit the cacerts file in Java using direct editing. Remember to always make a backup copy of the cacerts file before making any changes.
How to import a .cer certificate into a java keystore?
During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:
-----BEGIN CERTIFICATE-----
[Some base64 encoded data]
-----END CERTIFICATE-----
I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.
I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I’m beginning to think that the provided certificate is a public certificate which is being used for authentication.
A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?
Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later.