Quali certificati radice affidabili sono inclusi in Java?
Quali certificati radice affidabili sono inclusi in Java, in particolare Sun Java e IBM Java? Come posso ottenere la lista da solo? Java su Windows utilizza i certificati dal sistema operativo?
Vai alla scheda "Java Control Panel", "Secure" e fai clic su "Certificati". Vai alla scheda "Sistema" e seleziona "Secure CA" o "Secure Sites CA" dal menu a discesa.
IIRC, i certificati sono memorizzati in un file serializzato Java in jre/lib/security/cacerts. Questo è un keystore Java standard che può essere manipolato con l'utilità keytool:
keytool -keystore "$Java_HOME\jre\lib\security\cacerts" -storepass changeit -list
Credo che Mac OS X ora usi il sistema operativo per gestire i certificati.
Sebbene Oracle JRE (in precedenza Sun JRE) sia dotato di una serie di certificati come Tom menzionato, su JRE verranno utilizzati anche i certificati associati al browser corrente per applet e app di avvio Web (a patto che tu stia utilizzando "Internet Explorer 5.0 o successivo o Mozilla 1.4 o successivo") .
Dovrebbe "funzionare" solo se si desidera eseguire la verifica della firma delle firme, l'autenticazione del server HTTPS o l'autenticazione del client HTTPS (ad esempio, firmando le applicazioni Web Start con un certificato aziendale già installato sulla macchina). Per casi d'uso più complicati potresti trovare questo documento più utile.
Ho appena scaricato jre1.6.0 ed eseguito il comando sopra:
Keystore type: JKS
Keystore provider: Sun
Your keystore contains 43 entries
entrustclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): DA:79:C1:71:11:50:C2:34:39:AA:2B:0B:0C:62:FD:55:B2:F9:F5:80
verisignclass3g2ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
thawtepersonalbasicca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (SHA1): 40:E7:8C:1D:52:3D:1C:D9:95:4F:AC:1A:1A:B3:BD:3C:BA:A1:5B:FC
addtrustclass1ca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
verisignclass2g3ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
thawtepersonalpremiumca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (SHA1): 36:86:35:63:FD:51:28:C7:BE:A6:F0:05:CF:E9:B4:36:68:08:6C:CE
addtrustexternalca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
valicertclass2ca, Jan 20, 2005, trustedCertEntry,
Certificate fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
entrustsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
equifaxsecureebusinessca2, Jul 18, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
equifaxsecureebusinessca1, Jul 18, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
thawtepremiumserverca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
verisignclass2g2ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
addtrustqualifiedca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
gtecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (SHA1): 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
entrustglobalclientca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): CF:74:BF:FF:9B:86:81:5B:08:33:54:40:36:3E:87:B6:B6:F0:BF:73
utnuserfirsthardwareca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
starfieldclass2ca, Jan 20, 2005, trustedCertEntry,
Certificate fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
verisignclass1g3ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
thawteserverca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
verisignclass3ca, Oct 27, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
entrustgsslca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 89:39:57:6E:17:8D:F7:05:78:0F:CC:5E:C8:4F:84:F6:25:3A:48:93
geotrustglobalca, Jul 18, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
verisignclass1g2ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
utnuserfirstclientauthemailca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
comodoaaaca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
baltimorecybertrustca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
equifaxsecureca, Jul 18, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
verisignclass2ca, Oct 27, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 67:82:AA:E0:ED:EE:E2:1A:58:39:D3:C0:CD:14:68:0A:4F:60:14:2A
verisignserverca, Jun 29, 1998, trustedCertEntry,
Certificate fingerprint (SHA1): 44:63:C5:31:D7:CC:C1:00:67:94:61:2B:B6:56:D3:BF:82:57:84:6F
entrust2048ca, Jan 9, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE
utndatacorpsgcca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
soneraclass2ca, Mar 28, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
utnuserfirstobjectca, May 2, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
verisignclass1ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 90:AE:A2:69:85:FF:14:80:4C:43:49:52:EC:E9:60:84:77:AF:55:6F
gtecybertrustglobalca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
baltimorecodesigningca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (SHA1): 30:46:D8:C8:88:FF:69:30:C3:4A:FC:CD:49:27:08:7C:60:56:7B:0D
soneraclass1ca, Mar 28, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
thawtepersonalfreemailca, Feb 12, 1999, trustedCertEntry,
Certificate fingerprint (SHA1): 20:99:00:B6:3D:95:57:28:14:0C:D1:36:22:D8:C6:87:A4:EB:00:85
gtecybertrust5ca, May 10, 2002, trustedCertEntry,
Certificate fingerprint (SHA1): 47:C5:4C:BC:DA:5D:76:CE:62:88:38:11:AC:11:66:5D:55:F4:2C:00
verisignclass3g3ca, Mar 25, 2004, trustedCertEntry,
Certificate fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
godaddyclass2ca, Jan 20, 2005, trustedCertEntry,
Certificate fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
equifaxsecureglobalebusinessca1, Jul 18, 2003, trustedCertEntry,
Certificate fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45