使用Java Connector / J和SSL连接到RDS中的MySQL
[英]Connect to MySQL in RDS using Java Connector/J and SSL
问题描述
I am struggling to get my java code (that uses HikariCP ) to connect with my database on AWS RDS using SSL . 
我正在努力让我的Java代码(使用HikariCP )使用SSL与AWS RDS上的database连接。 I can connect with the database using MySQL Workbench , I just can't find out how to configure the MySQL Connector/J 5.1.45 driver to access the database using SSL . 我可以使用MySQL Workbench与database连接,只是找不到如何配置MySQL Connector/J 5.1.45驱动程序以使用SSL访问database 。
Currently this is my HikariCP properties file: 当前,这是我的HikariCP属性文件:
jdbcUrl=jdbc:mysql://mypath.jqwejrkq4568833.us-east-1.rds.amazonaws.com:3306/myschema
username=myusername
password=mypassword
dataSource.cachePrepStmts=true
dataSource.prepStmtCacheSize=250
dataSource.prepStmtCacheSqlLimit=2048
dataSource.useServerPrepStmts=true
dataSource.useLocalSessionState=true
dataSource.useLocalTransactionState=true
dataSource.rewriteBatchedStatements=true
dataSource.cacheResultSetMetadata=true
dataSource.cacheServerConfiguration=true
dataSource.elideSetAutoCommits=true
dataSource.maintainTimeStats=false
dataSource.clientCertificateKeyStoreUrl=file://truststore
dataSource.clientCertificateKeyStorePassword=123456
dataSource.useSSL=true
dataSource.verifyServerCertificate=true
dataSource.requireSSL=true
The truststore file was generated with the RDS certificate from here , it's on my classpath root since it's on my resources folder from maven . truststore文件是使用RDS 证书从此处生成的,它位于我的classpath根目录中,因为它位于maven resources文件夹中。 I really want to provide my own truststore file to the MySQL Connector/J driver so this program can be moved around without having to configure the truststore from the environment (this is very useful for me because my code runs locally on GlassFish but on the cloud on AWS Lambda and who knows where will it run tomorrow). 我真的很想将自己的truststore文件提供给MySQL Connector/J驱动程序,这样就可以移动该程序而无需从环境配置truststore (这对我来说非常有用,因为我的代码在GlassFish上本地运行,但在云上运行在AWS Lambda ,谁知道明天将在哪里运行)。
When I try to get a connection using this configuration I get the following error: 当我尝试使用此配置建立连接时,出现以下错误:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]
At first I thought my trustore url was wrong, but if I change it to something like this: 起初,我认为我的trustore url错误,但是如果我将其更改为以下内容:
dataSource.clientCertificateKeyStoreUrl=file:///truststore
The error changes to: 错误更改为:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file:///truststore [\\truststore (The system cannot find the file specified)]
Which indicates for me that the first url was correct. 这对我来说表明第一个url是正确的。
I have no idea what am I doing wrong or how to fix this, the `truststore was generated with the following command: 我不知道我在做什么错或如何解决这个问题,`truststore是通过以下命令生成的:
'C:\Program Files\Java\jre1.8.0_151\bin\keytool.exe' -importcert -alias AwsRdsMySqlCACert -file rds-combined-ca-bundle.pem -keystore truststore -storepass 123456
I have no idea what am I doing wrong, which leads me to the question: 我不知道我在做什么错,这导致了我一个问题:
What's wrong with my truststore file then? 那我的truststore文件怎么了?
EDIT: 编辑:
Digging deeper I could find the cause of the Exception : 深入研究,我可以找到导致Exception的原因:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]
is: 是:
java.net.UnknownHostException: truststore
I don't know what this means since my database url is correct because it's the same I use in MySQL Workbench . 我不知道这意味着什么,因为我的database url是正确的,因为它与MySQL Workbench使用的相同。
1 个解决方案
解决方案1
0 2019-10-23 19:02:26
如果使用的是Maven,请确保使用-Djavax.net.ssl.trustStore = / home / vagrant和正确的证书,或者使用适当的值配置MAVEN_OPTS,例如:-Djavax.net.ssl.trustStore = / dev,也将其放在Intellij的运行器部分
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.