How to set up mySql JDBC connection with SSL
jdbc:mysql://localhost:3306/MyDb?verifyServerCertificate=true&useSSL=true&requireSSL=true
I downloaded the public certificate from the mySql server and put it into cacerts like this:
keytool.exe -import -alias mysql_dev \
-keystore /c/dev/tools/Java/jre1.8.0_131/jre/lib/security/cacerts \
-file rds-combined-ca-bundle.pem
I generated new keys using keytool like this:
keytool.exe -genkeypair -alias adam \
-keypass changeit \
-keysize 1024 \
-keystore /c/dev/.secure/haa2xt.jks \
-storepass changeit
So now I can see that Java is picking up both my key from the keystore and the server certificate from the truststore, but still I'm getting the PKIX error.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I added this debug param to the command line and got some more info which all looks good, and I can see the mySql certificate in there.
-Djavax.net.debug=all
trustStore is: c:\\dev\\tools\\java\\jdk1.8.0_131\\jre\\lib\\security\\cacerts
trustStore type is : jks
[.....]
keyStore is : C:/dev/.secure/haa2xt.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
*** found key for : adam
What have I done wrong?
It turns out that the keytool import command will only import the first certificate in the PEM file when there is more than one.
This was the only one I checked for as well, so I thought it was fine when actually there were about 15 that I still hadn't imported.
I used this tool to import them all: https://github.com/use-sparingly/keyutil
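As an added example (not part of the original answer, and not the keyutil tool linked above), the same result can be reached with plain keytool by splitting the bundle and importing each certificate under its own alias. The function names and the alias prefix are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: import every certificate in a PEM bundle, not just the first.
# Function names and the alias prefix are hypothetical.

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate to OUTDIR/cert-NNN.pem and prints the number found.
split_pem_bundle() {
    local bundle="$1" outdir="$2"
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# import_pem_bundle BUNDLE KEYSTORE STOREPASS ALIAS_PREFIX
# Imports each certificate under its own alias (PREFIX_cert-001, ...), because
# keytool refuses to reuse an alias. Prints the number of certificates imported.
import_pem_bundle() {
    local bundle="$1" keystore="$2" storepass="$3" prefix="$4"
    local tmp count f
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$bundle" "$tmp") || { rm -rf "$tmp"; return 1; }
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"; return 1
    fi
    for f in "$tmp"/cert-*.pem; do
        keytool -importcert -noprompt -trustcacerts \
            -alias "${prefix}_$(basename "$f" .pem)" \
            -keystore "$keystore" -storepass "$storepass" \
            -file "$f" || { rm -rf "$tmp"; return 1; }
    done
    rm -rf "$tmp"
    echo "$count"
}

# Usage, with the paths from the question:
#   import_pem_bundle rds-combined-ca-bundle.pem \
#       /c/dev/tools/Java/jre1.8.0_131/jre/lib/security/cacerts changeit rds
# Check afterwards that the alias count matches the bundle:
#   keytool -list -keystore <cacerts> -storepass changeit | grep -c '^rds_'
```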