
What is the difference between javax.net.ssl.keyStore and server.ssl.key-store properties when specifying keystore for a SpringBoot app

  1. Can I specify keystore using either of these properties - the Java-specific javax.net.ssl.keyStore or the Spring Boot-specific server.ssl.key-store? Any differences? I would like to use the keystore for serving my app using https as well as mutual client authentication with some REST services.

  2. Can the SpringBoot application be served using https if the keystore is not specified as a property or jvm argument, rather is read at the startup using custom code? Or does the keystore specification have to come before that if the app has to be served using https?

Those two properties have complementary roles:

  • javax.net.ssl.keyStore is a system property used by the Java security providers to configure the default SSLContext. Most SSL clients use the default SSLContext.

    You don't need to pass this property as -D argument to the JVM, you can set it programmatically at a very early stage of your application startup, but I would advise against it: since your application may not be the only application in the JVM (e.g. you run it as WAR archive), you will influence the behavior of other applications. Use a non-default SSLContext instead.

  • server.ssl.keyStore is a Spring property to configure the server socket of the embedded servlet container. It can come from many different sources.

    While in theory a servlet container can use the default SSLContext and retrieve its certificate from the default KeyManager (which loads its keys from the keystore specified through javax.net.ssl.keyStore), I don't know any servlet container that would actually do it.

    Usually the certificate used as SSL client is not the same as the one used as SSL server.
