self signed tomcat and mysql/mariadb
G'day folks
Trying to use certs for securing connections between Tomcat 8.x and mysql/mariadb. I'm going to use a self-signed cert.
What follows is what I think I should be doing, and I'd appreciate it if you jump in and correct me.
Create Backend(DB) certs
sudo openssl genrsa 4096 > ca-key.pem
sudo openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem
sudo openssl req -newkey rsa:4096 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
sudo openssl rsa -in server-key.pem -out server-key.pem
sudo openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Update the mysql cnf
ca-key.pem
server-key.pem
server-cert.pem
Ok, here's where I don't know how to proceed. I think I have to use the JAVA keytool.
Where do I go from here?
ta
OSP
Assume you are looking for a one way SSL where MySQL is the server and Tomcat is the client which needs JDBC over ssl.
In MySQL environment set the path of CA and server certificates in the configuration file my.cnf
ssl-ca=<PATH>/ca-cert.pem
ssl-cert=<PATH>server-cert.pem
ssl-key=<PATH>server-key.pem
In Tomcat environment import your MySQL CA certificate.
keytool -import -alias mysqlcacert -file ca-cert.pem -keystore truststore
If not already done, set truststore path in catalina.sh/bat
# trustStore (not keyStore) is the property that points at the store holding the imported CA certificate
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<PATH>truststore"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=<password>"
JDBC url
url="jdbc:mysql://host:port/db?autoReconnect=true&verifyServerCertificate=true&useSSL=true&requireSSL=true";
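The certificate steps above, as an added example that is not part of the original question or answer: a non-interactive version of the OpenSSL commands, followed by a check that the server certificate chains to the CA and matches its private key before my.cnf and the truststore are pointed at the files. The subject names, the `KEY_BITS` variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Subject names, KEY_BITS and the
# function names are assumptions; file names follow the question.

# make_db_certs DIR: create the CA and the CA-signed server certificate
# without interactive prompts.
make_db_certs() {
    dir=$1
    bits=${KEY_BITS:-4096}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        openssl genrsa -out ca-key.pem "$bits" 2>/dev/null || exit 1
        # MySQL's documentation requires the CA and server Common Names to differ.
        openssl req -new -x509 -nodes -days 3600 -key ca-key.pem \
            -subj "/CN=Example DB CA" -out ca-cert.pem || exit 1
        openssl req -newkey "rsa:$bits" -nodes -keyout server-key.pem \
            -subj "/CN=db.example.internal" -out server-req.pem 2>/dev/null || exit 1
        openssl rsa -in server-key.pem -out server-key.pem 2>/dev/null || exit 1
        openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem \
            -CAkey ca-key.pem -set_serial 01 -out server-cert.pem 2>/dev/null || exit 1
    )
}

# check_db_certs DIR: succeed only if server-cert.pem chains to ca-cert.pem
# and server-key.pem is the private key belonging to that certificate.
check_db_certs() {
    dir=$1
    openssl verify -CAfile "$dir/ca-cert.pem" "$dir/server-cert.pem" \
        >/dev/null 2>&1 || return 1
    # Compare the public key inside the certificate with the one derived
    # from the private key; a mismatched pair cannot be used by the server.
    cert_pub=$(openssl x509 -in "$dir/server-cert.pem" -noout -pubkey | openssl sha256) || return 1
    key_pub=$(openssl pkey -in "$dir/server-key.pem" -pubout 2>/dev/null | openssl sha256) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

Run `make_db_certs ./certs && check_db_certs ./certs` before referencing the files in my.cnf and importing ca-cert.pem with keytool.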