我有一个启用了SSL
的MongoDb
实例(单实例)。我可以通过RoboMongo
连接到它,在SSL
选项卡上我提供了以下内容:
CA File : /path to my certificate/testCA.pem
PEM certificate/key: /path to my key/testKey.pem
成功地连接到。现在我正尝试从java app连接到同一个mondodb。我使用以下命令将testCA.pem导入cacerts:
keytool -import -keystore cacerts -file testCA.pem -storepass changeit
我可以看到一个新的条目添加到存储中。尝试将另一个密钥添加到其中,但它显示证书无效。在Java应用程序上,我按如下方式设置了系统属性:
System.setProperty ("javax.net.ssl.trustStore","C:\\Program Files\\Java\\jre1.8.0_91\\lib\\security\\cacerts");
System.setProperty ("javax.net.ssl.trustStorePassword","changeit");
我得到了以下错误:
org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]
at org.springframework.data.mongodb.core.MongoExceptionTranslator.translateExceptionIfPossible(MongoExceptionTranslator.java:75)
at org.springframework.data.mongodb.core.MongoTemplate.potentiallyConvertRuntimeException(MongoTemplate.java:2075)
at org.springframework.data.mongodb.core.MongoTemplate.executeFindMultiInternal(MongoTemplate.java:1918)
这里我错过了什么,提前谢谢!
发布于 2017-04-03 22:38:15
除了使用以下命令导入CAFile.pem
之外:
(导航到您的java_home/jre/lib/security
以运行命令)
1. keytool -import -trustcacerts -file testCA.pem -keystore cacerts -storepass "changeit"
我还必须将key.pem
导出为pkcs12
格式(默认密码为'changeit'
)。
2. openssl pkcs12 -export -out mongodb.pkcs12 -in testKey.pem
除了设置系统属性trustStore/password外,还需要设置keyStore/password:
System.setProperty ("javax.net.ssl.trustStore",JAVA_HOME + "\\lib\\security\\cacerts");
System.setProperty ("javax.net.ssl.trustStorePassword","changeit");
System.setProperty ("javax.net.ssl.keyStore",JAVA_HOME + "\\lib\\security\\mongodb.pkcs12");
System.setProperty ("javax.net.ssl.keyStorePassword","changeit");
发布于 2017-02-17 22:31:33
您需要配置monog db驱动程序以使用SSL。您可以通过在@Configuration类中手动配置它来完成此操作。
public @Bean MongoClient mongo() {
MongoClientOptions.Builder options = MongoClientOptions.builder().sslEnabled(true);
// add more options to the builder with your config
MongoClient mongoClient = new MongoClient("localhost", options.build());
return mongoClient;
}
发布于 2018-08-03 05:42:42
如果将RAD与WAS本地服务器一起使用,则必须将pem文件添加到该服务器的java VM中。
因此,如果您已经安装到X:\IBM\WASx,那么X:\IBM\WASx\java_17\jre就是您要导航并在其中执行keytool导入的目录。希望这对其他人有帮助。
https://stackoverflow.com/questions/42300169
复制相似问题