我似乎无法找到我的 fedora (23) 版本中受信任 CA 的默认列表的位置。每当我认为我已经接近时,我都会发现一个自述文件警告我,如果update-ca-trust运行命令,我正在查看的文件将被覆盖。当我对 java 密钥库进行编辑时,我验证了这一点
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.92-1.b14.fc23.x86_64/jre/lib/security/cacerts(我的删除内容已添加回)
自述文件确实参考了我的查看:/usr/share/pki/ca-trust-source/但是/etc/pki/ca-trust/source/两者似乎都是死胡同,因为我运行 openssl x509 进行检查的每个 crt 文件都没有列出所有根 ca。
我想要删除的默认“受信任”根 CA 之一的示例:
Alias name: chinainternetnetworkinformationcenterevcertificatesroot
Creation date: Jul 5, 2016
Entry type: trustedCertEntry
Owner: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN
Issuer: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN
Serial number: 489f0001
Valid from: Tue Aug 31 03:11:25 EDT 2010 until: Sat Aug 31 03:11:25 EDT 2030
Certificate fingerprints:
MD5: 55:5D:63:00:97:BD:6A:97:F5:67:AB:4B:FB:6E:63:15
SHA1: 4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E
SHA256: 1C:01:C6:F4:DB:B2:FE:FC:22:55:8B:2B:CA:32:56:3F:49:84:4A:CF:C3:2B:7B:E4:B0:FF:59:9F:9E:8C:7A:F7
Signature algorithm name: SHA1withRSA
Version: 3