
How to connect to MySQL with X509 using JDBC?

I've set up a MySQL (Community Server, 5.1) database server.

I've set up SSL, created certificates, etc.

I've created a user that has the REQUIRES X509 attribute.

I can connect using this user using the command line client "mysql" and the "status" command shows that SSL is active, etc.

I've followed exactly the instructions from the MySQL site about importing the certificates into Java truststore/keystore files.

I just cannot connect to the database using these.

If I use just the truststore file using a user with REQUIRES SSL then all is fine. Using the keystore file with a user with REQUIRES X509 just isn't having it.

There seems to be lots of evidence on the web of people struggling with this and not many answers. Has ANYONE actually got this working?

Cracked, listed here, in my comment at the bottom of the page: http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-using-ssl.html

After LITERALLY SPENDING A WEEK DOING THIS I have finally managed to connect using a client certificate (REQUIRES X509 on the user definition)!!!!

rem NOTE: these commands are run using the Java 6 (1.6) JDK as it requires the "-importkeystore" command
rem which is not available before this JDK version.

rem Import the self-signed Certificate Authority certificate into a keystore.
keytool -import -alias mysqlCACert -file ca-cert.pem -keystore truststore -storepass truststore
rem Shows only the signed certificate.
keytool -v -list -keystore truststore -storepass truststore

rem Create a PKCS12 file from an existing signed client certificate and its private key.
rem set password to "keystore".
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client.p12 -name clientalias -CAfile ca-cert.pem -caname root
rem Import the combined certificate and private key into the keystore.
keytool -importkeystore -deststorepass keystore -destkeystore keystore -srckeystore client.p12 -srcstoretype PKCS12 -srcstorepass keystore -alias clientalias

Then specify the trusted certificates file (the truststore) and the client certificate/key file (the keystore) in your Java application either via the connection URL, via the JVM start-up parameter arguments (-D=,...), or System.setProperty(var,val),...

It actually works!!!
