[英]How use cacerts and jks trustore togeser,
How to use cacerts and jks together in one Spring Boot application.如何在一个 Spring Boot 应用程序中一起使用 cacerts 和 jks。
Now I am using external loading by cacert script at application start现在我在应用程序启动时通过 cacert 脚本使用外部加载
-Djavax.net.ssl.trustStore="/opt/app/cacerts" \
Now to work with another microsevis I need to configure another SSL.现在要使用另一个 microsevis,我需要配置另一个 SSL。 I was given a jks file for setting up an ssl
我得到了一个用于设置 ssl 的 jks 文件
How to add another trustore jks如何添加另一个信任 jks
It looks like spring boot is by default loading the jdk trusted certificates during boot-up.看起来 spring boot 在启动过程中默认加载 jdk 可信证书。 Try to run your application with the following vm argument:
-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
while having an application.properties file setup like below尝试使用以下 vm 参数运行您的应用程序:
-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
同时具有如下所示的 application.properties 文件设置
I have tried it with a basic setup and have only configured my application properties file, see the content below.我已经使用基本设置进行了尝试,并且只配置了我的应用程序属性文件,请参阅下面的内容。
server:
port: 8443
ssl:
enabled: true
key-store: classpath:identity.jks
key-password: secret
key-store-password: secret
trust-store: classpath:truststore.jks
trust-store-password: secret
client-auth: need
When booting up my application I see in the logs that spring first loads the default jdk truststore (cacerts) with 93 trusted certificates and afterwords it also loads the key entry and another trusted certificates.在启动我的应用程序时,我在日志中看到 spring 首先加载默认的 jdk 信任库 (cacerts) 和 93 个受信任的证书,之后它还会加载密钥条目和另一个受信任的证书。 These two entries are originated from my keystore and truststore.
这两个条目来自我的密钥库和信任库。 So you don't need to programatically combine the jdk truststore and your own truststore and supply it to spring.
因此,您不需要以编程方式将 jdk 信任库和您自己的信任库结合起来并提供给 spring。 So could you try to remove your
-Djavax.net.ssl.trustStore="/opt/app/cacerts" \\
line and adjust your application.properties file with referencing only to your custom jks file as a truststore?那么您可以尝试删除您的
-Djavax.net.ssl.trustStore="/opt/app/cacerts" \\
行并调整您的 application.properties 文件,仅将您的自定义 jks 文件作为信任库引用吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.