
How to use cacerts and jks truststore together

How to use cacerts and jks together in one Spring Boot application.

Now I am using external loading by cacert script at application start

-Djavax.net.ssl.trustStore="/opt/app/cacerts" \

Now to work with another microservice I need to configure another SSL. I was given a jks file for setting up an ssl

How to add another truststore jks

It looks like spring boot is by default loading the jdk trusted certificates during boot-up. Try to run your application with the following vm argument: -Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake while having an application.properties file setup like below

I have tried it with a basic setup and have only configured my application properties file, see the content below.

server:
  port: 8443
  ssl:
    enabled: true
    key-store: classpath:identity.jks
    key-password: secret
    key-store-password: secret
    trust-store: classpath:truststore.jks
    trust-store-password: secret
    client-auth: need

When booting up my application I see in the logs that spring first loads the default jdk truststore (cacerts) with 93 trusted certificates and afterwards it also loads the key entry and another trusted certificate. These two entries originate from my keystore and truststore. So you don't need to programmatically combine the jdk truststore and your own truststore and supply it to spring. So could you try to remove your -Djavax.net.ssl.trustStore="/opt/app/cacerts" \ line and adjust your application.properties file with referencing only to your custom jks file as a truststore?
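
For outbound calls that must trust both the JVM default CAs and the certificates in the supplied JKS, one option is to merge the two into a single in-memory trust store and build an SSLContext from it. This is an added example, not part of the question or the answer above; the class name, method and parameters are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: class, method and parameter names are assumptions, not from the post.
public final class CombinedTrustStore {
    private static TrustManagerFactory factoryFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store); // null = JVM default: -Djavax.net.ssl.trustStore if set, else the JDK cacerts
        return tmf;
    }

    public static SSLContext build(Path jksFile, char[] jksPassword) throws Exception {
        KeyStore merged = KeyStore.getInstance("JKS");
        merged.load(null, null); // start from an empty in-memory store
        // 1. Copy every CA the JVM already trusts.
        int n = 0;
        for (TrustManager tm : factoryFor(null).getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    merged.setCertificateEntry("jvm-" + n++, ca);
                }
            }
        }
        // 2. Add only the trusted-certificate entries of the extra JKS (private keys are skipped).
        KeyStore extra = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jksFile)) {
            extra.load(in, jksPassword);
        }
        for (String alias : Collections.list(extra.aliases())) {
            if (extra.isCertificateEntry(alias)) {
                merged.setCertificateEntry("extra-" + alias, extra.getCertificate(alias));
            }
        }
        // 3. One standard PKIX trust manager over the union, so normal chain validation still applies.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, factoryFor(merged).getTrustManagers(), null);
        return ctx;
    }
}
```

Hand the returned context (or its `getSocketFactory()`) only to the HTTP client that talks to the other microservice, so the extra certificates are not trusted JVM-wide.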
