在本地Spring和Node.js应用之间创建SSL连接
[英]Create a SSL connection between spring and nodejs apps locally
问题描述
I have two apps, one is written in nodejs (which in this case is simple mock-server) and spring app (core app). 
我有两个应用程序,一个是用nodejs(在这种情况下是简单的模拟服务器)和spring应用程序(核心应用程序)编写的。 I want to create a SSL connection between this two. 我想在这两者之间创建SSL连接。 Firstly I generated pair of key and cert, then simply setup a nodejs to work over SSL (I used this example: setting SSL - nodeJs ). 首先,我生成了一对密钥和证书,然后简单地设置了一个nodejs以通过SSL工作(我使用了这个示例: 设置SSL-nodeJs )。 I have checked that when I wrote in browser https://localhost:3000 it gives me a "secure" connection (with open padlock - so it's ok). 我已经检查过,当我在浏览器https:// localhost:3000中编写时,它为我提供了“安全”连接(使用开放式挂锁-没关系)。
Next I was making a configuration on spring app using setting SSL - Spring . 接下来,我使用设置SSL-Spring在spring应用程序上进行配置。 I took a cert from previous step generation and set it in keystore into .p12 file. 我从上一步生成的证书中获取了一个证书,并将其设置在密钥库中的.p12文件中。 In spring application I changed the url to node app to https. 在春季应用程序中,我将节点应用程序的URL更改为https。
When I try to connect from spring app and get some mock data from node I'm getting this stacktrace: 当我尝试从spring应用程序连接并从节点获取一些模拟数据时,我得到了这个stacktrace:
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I found something in stack but when I set this cert in specific directory and then restart my app, result is same. 我在堆栈中找到了一些东西,但是当我在特定目录中设置此证书然后重新启动应用程序时,结果是相同的。
Have anyone maybe a clue what could be wrong in this configuration and some suggestion how to fix it? 有谁知道这个配置可能出什么问题的提示,以及一些建议如何解决?
1 个解决方案
解决方案1
0 已采纳 2019-07-01 08:05:07
I found the solution of this problem. 我找到了解决这个问题的方法。 I don't know why, but when I created a keystore with cert inside and then use it in my spring app it cannot find this keystore with cert globally. 我不知道为什么,但是当我创建一个内部带有cert的密钥库,然后在我的spring应用程序中使用它时,它无法在全球范围内找到这个带有cert的密钥库。 I was looking for documentation about openJDK11 (because I used it) and find a link to Enabling Unlimited Strength Jurisdiction Policy and check file for which I have version of openJDK11. 我一直在寻找有关openJDK11的文档(因为使用了它),并且找到了“ 启用无限强度管辖权策略”的链接,并检查了我具有openJDK11版本的文件。
In my case the line from crypto.policy was commented, don't know why. 在我的情况下,来自crypto.policy那行被评论了,不知道为什么。 When I uncommented it and set unlimited it gives me one more error, but then I find one another solution. 当我取消注释并设置unlimited它又给了我一个错误,但是后来我找到了另一个解决方案。 I found that, that I need to add my sign-self certificate to cacerts file ( how to add my self-signed cert to cacerts ). 我发现,我需要将我的自签名证书添加到cacerts文件( 如何将我的自签名证书添加到cacerts )。 After this two operation it works as charm. 经过这两次操作后,它就具有了魅力。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.