it-swarm-eu.dev

Quali certificati radice affidabili sono inclusi in Java?

Quali certificati radice affidabili sono inclusi in Java, in particolare Sun Java e IBM Java? Come posso ottenere la lista da solo? Java su Windows utilizza i certificati dal sistema operativo?

35
Peter Štibraný

Vai alla scheda "Java Control Panel", "Secure" e fai clic su "Certificati". Vai alla scheda "Sistema" e seleziona "Secure CA" o "Secure Sites CA" dal menu a discesa.

IIRC, i certificati sono memorizzati in un file serializzato Java in jre/lib/security/cacerts. Questo è un keystore Java standard che può essere manipolato con l'utilità keytool:

keytool -keystore "$Java_HOME\jre\lib\security\cacerts" -storepass changeit -list

Credo che Mac OS X ora usi il sistema operativo per gestire i certificati.

33

Sebbene Oracle JRE (in precedenza Sun JRE) sia dotato di una serie di certificati come Tom menzionato, su JRE verranno utilizzati anche i certificati associati al browser corrente per applet e app di avvio Web (a patto che tu stia utilizzando "Internet Explorer 5.0 o successivo o Mozilla 1.4 o successivo") .

Dovrebbe "funzionare" solo se si desidera eseguire la verifica della firma delle firme, l'autenticazione del server HTTPS o l'autenticazione del client HTTPS (ad esempio, firmando le applicazioni Web Start con un certificato aziendale già installato sulla macchina). Per casi d'uso più complicati potresti trovare questo documento più utile.

7
rxg

Ho appena scaricato jre1.6.0 ed eseguito il comando sopra:

    Keystore type: JKS
    Keystore provider: Sun

    Your keystore contains 43 entries

    entrustclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:79:C1:71:11:50:C2:34:39:AA:2B:0B:0C:62:FD:55:B2:F9:F5:80
    verisignclass3g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
    thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 40:E7:8C:1D:52:3D:1C:D9:95:4F:AC:1A:1A:B3:BD:3C:BA:A1:5B:FC
    addtrustclass1ca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
    verisignclass2g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
    thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 36:86:35:63:FD:51:28:C7:BE:A6:F0:05:CF:E9:B4:36:68:08:6C:CE
    addtrustexternalca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
    valicertclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
    entrustsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
    equifaxsecureebusinessca2, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
    equifaxsecureebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
    thawtepremiumserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
    verisignclass2g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
    addtrustqualifiedca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
    gtecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
    entrustglobalclientca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): CF:74:BF:FF:9B:86:81:5B:08:33:54:40:36:3E:87:B6:B6:F0:BF:73
    utnuserfirsthardwareca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
    starfieldclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
    verisignclass1g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
    thawteserverca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
    verisignclass3ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
    entrustgsslca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 89:39:57:6E:17:8D:F7:05:78:0F:CC:5E:C8:4F:84:F6:25:3A:48:93
    geotrustglobalca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
    verisignclass1g2ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
    utnuserfirstclientauthemailca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
    comodoaaaca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
    baltimorecybertrustca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
    equifaxsecureca, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
    verisignclass2ca, Oct 27, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 67:82:AA:E0:ED:EE:E2:1A:58:39:D3:C0:CD:14:68:0A:4F:60:14:2A
    verisignserverca, Jun 29, 1998, trustedCertEntry, 
    Certificate fingerprint (SHA1): 44:63:C5:31:D7:CC:C1:00:67:94:61:2B:B6:56:D3:BF:82:57:84:6F
    entrust2048ca, Jan 9, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE
    utndatacorpsgcca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
    soneraclass2ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
    utnuserfirstobjectca, May 2, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
    verisignclass1ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 90:AE:A2:69:85:FF:14:80:4C:43:49:52:EC:E9:60:84:77:AF:55:6F
    gtecybertrustglobalca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
    baltimorecodesigningca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 30:46:D8:C8:88:FF:69:30:C3:4A:FC:CD:49:27:08:7C:60:56:7B:0D
    soneraclass1ca, Mar 28, 2006, trustedCertEntry, 
    Certificate fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
    thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry, 
    Certificate fingerprint (SHA1): 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
    gtecybertrust5ca, May 10, 2002, trustedCertEntry, 
    Certificate fingerprint (SHA1): 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00
    verisignclass3g3ca, Mar 25, 2004, trustedCertEntry, 
    Certificate fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
    godaddyclass2ca, Jan 20, 2005, trustedCertEntry, 
    Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
    equifaxsecureglobalebusinessca1, Jul 18, 2003, trustedCertEntry, 
    Certificate fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
1
ruediste