I'm trying to understand this part of RESTHeart documentation, but I can't: https://softinstigate.atlassian.net/wiki/spaces/RH/pages/9207828/Installation+and+Setup#InstallationandSetup-5.1ConnectRESTHearttoMongoDBoverTLS/SSL
create the keystore importing the public certificate used by mongod using keytool (with keytool, the java tool to manage keystores of cryptographic keys)
Where can I get the public certificate used by mongod?
start restheart with following options:
$ java -server -Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false -jar restheart.jar restheart.yml
In this case, must the option "use-embedded-keystore" in the restheart.yml conf file have the value true or false, and should I use my own keystore? As I understand it, if the option has the value true, this part of the command
-Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false
is ignored? Or not?
The option use-embedded-keystore controls the SSL certificate used by restheart for the https protocol, and it has nothing to do with the connection to mongodb.
To connect to mongodb over SSL you have to install the public certificate used by mongodb in the java keystore and follow the instructions in the documentation.
You can find detailed documentation about connecting restheart to mongodb over SSL at the following address:
MongoDB clients can use TLS/SSL to encrypt connections to mongod and mongos instances.
To configure RESTHeart for TLS/SSL do as follows:
create the keystore importing the public certificate used by mongod using keytool (with keytool, the java tool to manage keystores of cryptographic keys)
$ keytool -importcert -file mongo.cer -alias mongoCert -keystore rhTrustStore
# asks for password, use "changeit"
specify the ssl option in the mongo-uri in the restheart yml configuration file:
mongo-uri: mongodb://your.mongo-domain.com?ssl=true
start restheart with following options:
$ java -server -Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false -jar restheart.jar restheart.yml
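An added example (not part of the original answer or of the RESTHeart documentation) for the open question of where mongo.cer comes from: it fetches the certificate that mongod presents and imports it into rhTrustStore only when its SHA-256 fingerprint matches a value obtained out of band from the MongoDB administrator. The function names, port 27017 (MongoDB's default) and the fingerprint placeholder are assumptions, and openssl and keytool must be on the PATH.

```shell
#!/bin/sh
# Added example: pin-check a mongod certificate before trusting it.
# Host, file names and the expected fingerprint are placeholders.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint as an administrator might send it (AA:BB:... or aabb...).
normalise_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Succeed only when the certificate in $1 has the expected fingerprint $2.
# An unreadable or non-certificate file yields an empty fingerprint and fails.
verify_pin() {
    actual=$(cert_sha256 "$1")
    [ -n "$actual" ] && [ "$actual" = "$(normalise_fp "$2")" ]
}

# Save the leaf certificate presented by mongod: fetch_mongod_cert HOST PORT OUTFILE
# The fetch is unauthenticated, so the result must pass verify_pin before use.
fetch_mongod_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Import into the trust store only after the pin check:
# import_pinned CERTFILE EXPECTED_FP KEYSTORE   (keytool prompts for the password)
import_pinned() {
    if ! verify_pin "$1" "$2"; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    keytool -importcert -noprompt -file "$1" -alias mongoCert -keystore "$3"
}

# Usage (placeholders):
#   fetch_mongod_cert your.mongo-domain.com 27017 mongo.cer
#   import_pinned mongo.cer "<SHA-256 fingerprint from your MongoDB admin>" rhTrustStore
#   keytool -list -keystore rhTrustStore -alias mongoCert   # confirm the entry
```

If the administrator can hand over the certificate file directly (the certificate only, never the private key that mongod's PEM file also holds), skip the fetch and run only the pin check and import.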