I'm reading this article about how to allow a self-signed cert to be used by an android client:
http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html#comment-form
On step 2, I have to run a few commands, but I'm not too familiar with the shell and am getting a syntax error when trying to run the following:
export CLASSPATH="/Users/me/Desktop/lib/java/bouncycastle/bcprov-jdk16-145.jar"
CERTSTORE=res/raw/mystore.bks
if [ -a $CERTSTORE ]; then
rm $CERTSTORE || exit 1
fi
keytool \
-import \
-v \
-trustcacerts \
-alias 0 \
-file <(openssl x509 -in mycert.pem) \
-keystore $CERTSTORE \
-storetype BKS \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath /usr/share/java/bcprov.jar \
-storepass mypassword
The error I get when I run:
./test.sh: line 11: syntax error near unexpected token `('
./test.sh: line 11: ` -file <(openssl x509 -in mycert.pem) \'
So the -file syntax is problematic, b开发者_如何学Cut I'm not sure what to change this to, because I don't know what syntax the -file param can handle.
Anyone have any idea? I'm on mac 10.6,
Thanks
--------- Update ---------------
If I replace the "<" character with "$", I get the following exception when executed:
java.lang.RuntimeException: Usage error, CERTIFICATE----- is not a legal command
at sun.security.tools.KeyTool.parseArgs(KeyTool.java:375)
at sun.security.tools.KeyTool.run(KeyTool.java:171)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
hmm I'm not understanding which arg the exception is telling me is bad though. Script updated looks like:
export CLASSPATH="/Users/me/Desktop/lib/java/bouncycastle/bcprov-jdk16-145.jar"
CERTSTORE=res/raw/mystore.bks
if [ -a $CERTSTORE ]; then
rm $CERTSTORE || exit 1
fi
keytool \
-import \
-v \
-trustcacerts \
-alias 0 \
-file $(openssl x509 -in mycert.pem) \
-keystore $CERTSTORE \
-storetype BKS \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath /usr/share/java/bcprov.jar \
-storepass mypassword
Thanks!
You may not be running Bash. The <()
is called process substitution. Some other shells support it, but the Bourne shell does not.
It creates an anonymous named pipe, so the -file
sees a filename, but the file contents are really the output of openssl x509
command.
You can probably solve the problem by making sure that the first line in the script is:
#!/bin/bash
精彩评论