如何将自签名证书正确导入Java密钥库，默认情况下可供所有Java应用程序使用？

在项目开发中,有时会遇到与SSL安全证书导入打交道的，如何把证书导入java中的cacerts证书库呢？

# cat install.sh

#########################################################

#!/usr/bin/env bash

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

export JAVA_HOME="/opt/jre1.8.0_212"

plain='\033[0m'

red='\033[0;31m'

green='\033[0;32m'

yellow='\033[0;33m'

kt="${JAVA_HOME}/bin/keytool"

ct="${JAVA_HOME}/jre/lib/security/cacerts"

[ $(id -u) != 0 ] && { echo -e "[${red}Error${plain}] 当前用户不是root"; exit 1; }

function check_tool() {

    [ -f ${kt} ] || { echo -e "[${red}Error${plain}] ${JAVA_HOME}/bin/keytool不存在"; exit 1; }

    [ -f ${ct} ] || { echo -e "[${red}Error${plain}] ${JAVA_HOME}/jre/lib/security/cacerts不存在"; exit 1; }

}

function import_cacert() {

    echo -e "[${green}Info${plain}] 导入apple cacert"

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert1 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file AAACertificateServices.crt

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert2 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file USERTrustRSAAAACA.crt

    ${JAVA_HOME}/bin/keytool -import -alias apple_cacert3 -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit"  --noprompt -trustcacerts -file COMODORSAAAACA.crt

}

function check_cacert() {

    echo -e "[${green}Info${plain}] 查询apple cacert"

    ${JAVA_HOME}/bin/keytool -list -keystore ${JAVA_HOME}/jre/lib/security/cacerts -storepass "changeit" | grep -iA1 "apple_cacert"

}

function install_apple_cacert() {

  check_tool

  import_cacert

  check_cacert

}

install_apple_cacert 2>&1 | tee install_log.log

exit 0

###############################################################

参考

如何把安全证书导入到java中的cacerts证书库

https://my.oschina.net/farces/blog/335811

一键获取站点证书导入到java信任库

https://github.com/ssbarnea/keytool-trust/blob/master/keytool-trust

有没有加载 $JAVA_HOME/lib/security 文件夹中指定的cacerts的方法？

https://cloud.tencent.com/developer/ask/51974

https://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager

How to set up Java to use user specific certificates for Eclipse?

https://stackoverflow.com/questions/663890/how-to-set-up-java-to-use-user-specific-certificates-for-eclipse