self signed tomcat and mysql/mariadb

G'day folks

Trying to use certs for securing connections between Tomcat 8.x and mysql/mariadb. I'm going to use a self-signed cert. What follows is what I think I should be doing, and I'd appreciate it if you jump in and correct me.

Create Backend(DB) certs

    sudo openssl genrsa 4096 > ca-key.pem
    sudo openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem
    sudo openssl req -newkey rsa:4096 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
    sudo openssl rsa -in server-key.pem -out server-key.pem
    sudo openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

update the mysql cnf

ca-key.pem
server-key.pem
server-cert.pem

Ok, here's where I don't know how to proceed. I think I have to use the Java keytool.

Where do I go from here?

ta OSP

Assuming you are looking for one-way SSL where MySQL is the server and Tomcat is the client, which needs JDBC over SSL.

  1. In the MySQL environment, set the paths of the CA and server certificates in the configuration file my.cnf

         [mysqld]
         ssl-ca=<PATH>/ca-cert.pem
         ssl-cert=<PATH>/server-cert.pem
         ssl-key=<PATH>/server-key.pem

  2. In the Tomcat environment, import your MySQL CA certificate.

         keytool -import -alias mysqlcacert -file ca-cert.pem -keystore truststore

  3. If not already done, set the truststore path in catalina.sh/bat

         # trustStore (not keyStore) is the property that names the store holding the imported CA certificate
         JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<PATH>/truststore"
         JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=<password>"

  4. JDBC url

         url="jdbc:mysql://host:port/db?autoReconnect=true&verifyServerCertificate=true&useSSL=true&requireSSL=true";
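
Before my.cnf and the truststore are pointed at the generated files, the set can be checked the way a verifying client will see it. The script below is an added example, not part of the original question or answer: it repeats the question's openssl steps without prompts, then checks that the CA and server subjects differ (MySQL's documentation requires different Common Names), that the server certificate chains to ca-cert.pem, and that server-key.pem belongs to server-cert.pem. The function names, the CA subject and the host name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: function names and subject names are constructed.

# make_certs DIR SERVER_CN [BITS]: the question's openssl steps, without prompts.
make_certs() (
    dir=$1; cn=$2; bits=${3:-4096}
    mkdir -p "$dir" && cd "$dir" || exit 1
    openssl genrsa -out ca-key.pem "$bits" &&
    openssl req -new -x509 -nodes -days 3600 -key ca-key.pem \
        -subj "/CN=Example MySQL CA" -out ca-cert.pem &&
    openssl req -newkey "rsa:$bits" -nodes -keyout server-key.pem \
        -subj "/CN=$cn" -out server-req.pem &&
    openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem \
        -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
)

# check_certs DIR: exit status 0 = usable, 2 = chain, 3 = subject, 4 = key.
check_certs() (
    cd "$1" || exit 1
    # A server cert whose subject equals the CA's looks self-issued and
    # fails verification in OpenSSL, so test that first.
    ca_subj=$(openssl x509 -noout -subject -in ca-cert.pem)
    srv_subj=$(openssl x509 -noout -subject -in server-cert.pem)
    if [ "$ca_subj" = "$srv_subj" ]; then
        echo "subject: CA and server certificate share a subject" >&2; exit 3
    fi
    # The same check a client makes once ca-cert.pem is its trusted CA.
    if ! openssl verify -CAfile ca-cert.pem server-cert.pem >/dev/null 2>&1; then
        echo "chain: server-cert.pem is not signed by ca-cert.pem" >&2; exit 2
    fi
    # ssl-cert and ssl-key must be a pair: compare the RSA moduli.
    cert_mod=$(openssl x509 -noout -modulus -in server-cert.pem)
    key_mod=$(openssl rsa -noout -modulus -in server-key.pem 2>/dev/null)
    if [ -z "$key_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "key: server-key.pem does not match server-cert.pem" >&2; exit 4
    fi
)
```

Run `make_certs ./certs db.example.internal` followed by `check_certs ./certs`; a non-zero status names the check that failed on stderr.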
