
How to connect to RDS postgres in Spring Boot application with SSL enabled

I've created a Postgres database on an Amazon RDS instance with SSL enabled. The instance can be accessed from the command line using the cert file provided by Amazon (.pem). Now I want to connect to the database within a Spring Boot application. I did some research, and it seems I have to install the cert in a keystore with the keytool command (Import PEM into Java Key Store). So I ran the following commands to generate the jks key.

 openssl x509 -outform der -in rds-combined-ca-bundle.pem -out aws-cert.der
 keytool -import -alias rds-key -keystore rds.jks -file aws-cert.der
 keytool -list -keystore rds.jks

I also ran the command keytool -list -keystore rds.jks to list the keystore for validation.

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

rds-key, Oct 16, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): E8:11:88:56:E7:A7:CE:3E:5E:DC:9A:31:25:1B:93:AC:DC:43:CE:B0

After copying the rds.jks file to /src/main/resources, I added the following lines in application.properties for ssl:

server.ssl.enabled=true
server.ssl.key-alias=rds-key
server.ssl.key-password=xxx111
server.ssl.key-store=classpath:rds.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS

However, I got the error:

java.lang.IllegalArgumentException: java.io.IOException: Alias name [rds-key] does not identify a key entry

Why is the keystore not working?

Configuring the SSL keystore/truststore for a Spring Boot application prepares the SSL context used by outbound/inbound https connections. You will need to configure the SSL socket factory differently for postgres db connections. Either use the implementation provided by the postgres lib or create your own custom SSLSocketFactory class which prepares the SSL context using your RDS-specific keystore.

Please check out -> https://basildoncoder.com/blog/postgresql-jdbc-client-certificates.html

You are setting the wrong properties. The above properties enable SSL for the server. For the RDS SSL connection you need to set up the following properties:

javax.net.ssl.keyStorePassword = password
javax.net.ssl.trustStore = ./store_path.jks
javax.net.ssl.trustStoreType = JKS
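
An added example (not code from the question or either answer): it loads a PEM CA bundle into an in-memory store, shows that the entries are certificate entries rather than the key entry that `server.ssl.key-alias` looks for, and prints a PostgreSQL JDBC URL that has the driver's own SSL factory verify the server against that bundle. The class name, the `rds-ca-N` aliases and the `<host>` and `<db>` placeholders are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class RdsTrustStoreCheck { // hypothetical class name

    // Load every certificate of a PEM bundle into an in-memory trust store.
    static KeyStore trustStoreFromPem(Path pemBundle) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(pemBundle)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ks.setCertificateEntry("rds-ca-" + i++, c); // constructed alias
            }
        }
        return ks;
    }

    // JDBC URL that makes pgjdbc verify the server chain and host name
    // against the PEM bundle; <host> and <db> are placeholders.
    static String jdbcUrl(Path pemBundle) {
        return "jdbc:postgresql://<host>:5432/<db>?sslmode=verify-full&sslrootcert="
                + pemBundle.toAbsolutePath();
    }

    public static void main(String[] args) throws Exception {
        Path pem = Paths.get(args[0]); // e.g. rds-combined-ca-bundle.pem
        KeyStore ks = trustStoreFromPem(pem);
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            // CA certificates are certificate entries: isKeyEntry is false, so the
            // store can serve as a trust store but holds no private key.
            System.out.printf("%s keyEntry=%b certEntry=%b subject=%s%n",
                    alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias),
                    c.getSubjectX500Principal().getName());
        }
        System.out.println("spring.datasource.url=" + jdbcUrl(pem));
    }
}
```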
