如何在 Quarkus 中使用 SSL 连接到 PostgreSQL
[英]How to Connect to PostgreSQL with SSL in Quarkus
问题描述
I have an application based on quarkus.
我有一个基于 quarkus 的应用程序。 It needs to connect to database using SSL. I have specified the config as follows:它需要使用 SSL 连接到数据库。我指定的配置如下:
quarkus.datasource.db-kind=postgresql
quarkus.datasource.reactive.url=postgresql://ipaddress:5432/dbname?sslmode=verify-ca
quarkus.datasource.password=password
quarkus.datasource.username=username
quarkus.datasource.reactive.postgresql.ssl-mode=require
quarkus.datasource.reactive.trust-certificate-pem=true
quarkus.datasource.reactive.trust-certificate-pem.certs=certificates/cacertificate.pem,certificates/client.pem
quarkus.datasource.reactive.key-certificate-pem=true
quarkus.datasource.reactive.key-certificate-pem.keys=certificates/private_key.pem
quarkus.datasource.reactive.trust-all=true
However, I got the following error:但是,我收到以下错误:
io.vertx.core.VertxException: io.vertx.core.VertxException: Missing X.509 certificate
at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:336)
at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:511)
at io.vertx.core.net.impl.SSLHelper.createEngine(SSLHelper.java:547)
at io.vertx.core.net.impl.NetSocketImpl.upgradeToSsl(NetSocketImpl.java:307)
at io.vertx.core.net.impl.NetSocketImpl.upgradeToSsl(NetSocketImpl.java:291)
at io.vertx.pgclient.impl.InitiateSslHandler.channelRead(InitiateSslHandler.java:73)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:792)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:475)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:750)
Caused by: io.vertx.core.VertxException: Missing X.509 certificate
at io.vertx.core.net.impl.KeyStoreHelper.loadKeyCert(KeyStoreHelper.java:231)
at io.vertx.core.net.PemKeyCertOptions.getHelper(PemKeyCertOptions.java:447)
at io.vertx.core.net.PemKeyCertOptions.getKeyManagerFactory(PemKeyCertOptions.java:465)
at io.vertx.core.net.impl.SSLHelper.getKeyMgrFactory(SSLHelper.java:341)
at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:286)
Did I make any mistake?我做错了吗? How is the proper way to connect to database using SSL in quarkus?如何在 quarkus 中使用 SSL 连接到数据库的正确方法?
Really appreciate any help.非常感谢任何帮助。 I have been stuck in this problem for days and I couldn't find any example in the quarkus homepage.我已经被这个问题困了好几天了,在 quarkus 主页上找不到任何例子。
Many thanks!非常感谢!
I have made sure the certificate and key files (pem format) available in the specified directory.我已确保指定目录中的证书和密钥文件(pem 格式)可用。 I am not sure how to tell my quarkus app which the cacertificate and client certificate to be used since the config name is pretty general.我不确定如何告诉我的 quarkus 应用程序要使用哪个 cacertificate 和客户端证书,因为配置名称非常通用。 I expected the db is connected by only setting up that config and no further code should be added since the connection is handled by quarkus.我希望数据库仅通过设置该配置来连接,并且不应添加更多代码,因为连接由 quarkus 处理。
1 个解决方案
解决方案1
0 2023-01-27 12:24:58
quarkus.datasource.url=jdbc:postgresql://host:port/database?ssl=true&sslmode=require
quarkus.datasource.driver=org.postgresql.Driver
quarkus.datasource.username=username
quarkus.datasource.password=password
# SSL configuration
quarkus.datasource.ssl-mode=require
quarkus.datasource.ssl-factory=org.postgresql.ssl.NonValidatingFactory
quarkus.datasource.ssl-factory-arg=trustStorePath=/path/to/truststore.jks,trustStorePassword=password
To connect to a database using SSL in Quarkus, you can configure the connection properties for the database in the application.properties file.要在 Quarkus 中使用 SSL 连接到数据库,您可以在 application.properties 文件中配置数据库的连接属性。 You will need to provide the necessary SSL properties such as the location of the truststore and keystore, and the passwords for those files.您将需要提供必要的 SSL 属性,例如信任库和密钥库的位置,以及这些文件的密码。
The error message suggests that the X.509 certificate is missing.错误消息表明缺少 X.509 证书。 To fix this issue, ensure that the paths to the certificate files in the properties quarkus.datasource.reactive.trust-certificate-pem.certs and quarkus.datasource.reactive.key-certificate-pem.keys are correct, and that the files are accessible at those locations.要解决此问题,请确保属性 quarkus.datasource.reactive.trust-certificate-pem.certs 和 quarkus.datasource.reactive.key-certificate-pem.keys 中证书文件的路径正确,并且文件可在这些位置访问。 It's also important to check that files contain the correct PEM formated certificate.检查文件是否包含正确的 PEM 格式证书也很重要。 Also, it's worth to double check that the certificate files are in the correct format and match the expected CA and client certificates.此外,值得仔细检查证书文件的格式是否正确以及是否与预期的 CA 和客户端证书相匹配。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.