it-swarm.asia

Java'da hangi güvenilir kök sertifikalar var?

Hangi güvenilir kök sertifikalar Java'da, özellikle Sun Java ve IBM Java'da bulunur? Listeyi kendim nasıl alabilirim? Windows'ta Java, işletim sisteminden sertifika kullanıyor mu?

35
Peter Štibraný

"Java Kontrol Paneli", "Güvenli" sekmesine gidin ve "Sertifikalar" üzerine tıklayın. "Sistem" sekmesine gidin ve açılır menüden "Güvenli CA" veya "Güvenli Siteler CA" seçeneğini seçin.

IIRC, sertifikalar Java serileştirilmiş bir dosyada jre/lib/security/cacerts içinde saklanır. Bu, keytool yardımcı programıyla değiştirilebilen standart bir Java anahtar deposudur:

keytool -keystore "$Java_HOME\jre\lib\security\cacerts" -storepass changeit -list

Mac OS X'in artık sertifikaları işlemek için işletim sistemi kullandığına inanıyorum.

33

Oracle JRE (eski adı Sun JRE) Tom'un bahsettiği sertifikalarla birlikte gelse de, Windows'ta JRE uygulamacılar ve Web Start uygulamaları için varsayılan olarak geçerli tarayıcıyla ilişkili sertifikaları kullanacaktır (sürece) "Internet Explorer 5.0 veya üstü ya da Mozilla 1.4 ya da üstü") kullanıyor.

İmza imzalama doğrulaması, HTTPS sunucusu kimlik doğrulaması veya HTTPS istemcisi doğrulaması (örneğin, Web Başlat uygulamalarını makinenize önceden yüklenmiş bir şirket sertifikasıyla imzalama) yapmak istiyorsanız "çalışmalıdır". Daha karmaşık kullanım durumları için bu belge daha yararlı bulabilirsiniz.

7
rxg

Ben sadece jre1.6.0 indirdi ve yukarıdaki komutu yürüttüm:

    Keystore type: JKS
    Keystore provider: Sun

    Your keystore contains 43 entries

    entrustclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:79:C1:71:11:50:C2:34:39:AA:2B:0B:0C:62:FD:55:B2:F9:F5:80
    verisignclass3g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
    thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 40:E7:8C:1D:52:3D:1C:D9:95:4F:AC:1A:1A:B3:BD:3C:BA:A1:5B:FC
    addtrustclass1ca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
    verisignclass2g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
    thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 36:86:35:63:FD:51:28:C7:BE:A6:F0:05:CF:E9:B4:36:68:08:6C:CE
    addtrustexternalca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
    valicertclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
    entrustsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
    equifaxsecureebusinessca2, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
    equifaxsecureebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
    thawtepremiumserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
    verisignclass2g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
    addtrustqualifiedca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
    gtecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
    entrustglobalclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): CF:74:BF:FF:9B:86:81:5B:08:33:54:40:36:3E:87:B6:B6:F0:BF:73
    utnuserfirsthardwareca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
    starfieldclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
    verisignclass1g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
    thawteserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
    verisignclass3ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
    entrustgsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 89:39:57:6E:17:8D:F7:05:78:0F:CC:5E:C8:4F:84:F6:25:3A:48:93
    geotrustglobalca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
    verisignclass1g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
    utnuserfirstclientauthemailca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
    comodoaaaca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
    baltimorecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
    equifaxsecureca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
    verisignclass2ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 67:82:AA:E0:ED:EE:E2:1A:58:39:D3:C0:CD:14:68:0A:4F:60:14:2A
    verisignserverca, Jun 29, 1998, trustedCertEntry, 
    Certificate fingerprint (SHA1): 44:63:C5:31:D7:CC:C1:00:67:94:61:2B:B6:56:D3:BF:82:57:84:6F
    entrust2048ca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE
    utndatacorpsgcca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
    soneraclass2ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
    utnuserfirstobjectca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
    verisignclass1ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:AE:A2:69:85:FF:14:80:4C:43:49:52:EC:E9:60:84:77:AF:55:6F
    gtecybertrustglobalca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
    baltimorecodesigningca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 30:46:D8:C8:88:FF:69:30:C3:4A:FC:CD:49:27:08:7C:60:56:7B:0D
    soneraclass1ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
    thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
    gtecybertrust5ca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00
    verisignclass3g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
    godaddyclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
    equifaxsecureglobalebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
1
ruediste