如何获取默认 java 安装的 ccerts 位置？

在 Linux下，查找 $JAVA_HOME的位置:

readlink -f /usr/bin/java | sed "s:bin/java::"

cacerts是在 lib/security/cacerts之下:

$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts

Under Mac OS X , to find $JAVA_HOME run:

/usr/libexec/java_home

the cacerts are under Home/lib/security/cacerts:

$(/usr/libexec/java_home)/lib/security/cacerts

更新(带 JDK 的 OS X)

上面的代码是在没有安装 JDK 的计算机上测试的。 安装了 JDK 和 就像保护令上说的那样之后，它的位置是

$(/usr/libexec/java_home)/jre/lib/security/cacerts

从 OS X 10.10.1(Yosemite)开始，cacerts文件的位置已更改为

$(/usr/libexec/java_home)/jre/lib/security/cacerts

You can also consult readlink -f "which java". However it might not work for all binary wrappers. It is most likely better to actually start a Java class.

如果需要以编程方式访问这些证书，最好不要使用该文件，而是通过信任管理器访问它。下面的代码来自 OpenJDK测试案例(它确保构建的 ccerts 集合不是空的) :

TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
X509TrustManager trustManager =
(X509TrustManager) trustManagers[0];
X509Certificate[] acceptedIssuers =
trustManager.getAcceptedIssuers();

因此，您不必处理文件位置或密钥存储库密码。

在高塞拉利昂，恶性肿瘤位于: /Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre/lib/security/cacerts

在 MacOS Mojave 中，位置是:

/Library/Java/JavaVirtualMachines/jdk1.8.0_192.jdk/Contents/Home/jre/lib/security/cacerts

如果使用 sdkman 来管理 java 版本，则使用

~/.sdkman/candidates/java/current/jre/lib/security

在 Ubuntu 20.04.3 LTS 中，恶性肿瘤位于: /etc/ssl/certs/java/cacerts

$ java --version
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)

$ ls -lah /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts*
/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -> /etc/ssl/certs/java/cacerts

从 Java 9开始，就是这样了

${JAVA_HOME}/lib/security/cacerts

as opposed to the usual

${JAVA_HOME}/jre/lib/security/cacerts