
Connect RESTHeart to MongoDB over TLS/SSL

I'm trying to understand this part of RESTHeart documentation, but I can't: https://softinstigate.atlassian.net/wiki/spaces/RH/pages/9207828/Installation+and+Setup#InstallationandSetup-5.1ConnectRESTHearttoMongoDBoverTLS/SSL

create the keystore importing the public certificate used by mongod using keytool (with keytool, the java tool to manage keystores of cryptographic keys)

Where can I get the public certificate used by mongod?

start restheart with following options: $ java -server -Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false -jar restheart.jar restheart.yml

In this case, must the option "use-embedded-keystore" in the restheart.yml conf file have the value true or false, and should I use my own keystore? As I understand it, if the option has the value true, this part of the command

-Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false

is ignored? Or not?

The option use-embedded-keystore controls the SSL certificate used by RESTHeart for the HTTPS protocol, and it has nothing to do with the connection to MongoDB.

To connect to MongoDB over SSL you have to install the public certificate used by MongoDB in the Java keystore and follow the instructions in the documentation.

You can find detailed documentation about connecting RESTHeart to MongoDB over SSL at the following address:

https://softinstigate.atlassian.net/wiki/x/FICM#InstallationandSetup-5.1ConnectRESTHearttoMongoDBoverTLS/SSL

5.1 Connect RESTHeart to MongoDB over TLS/SSL

MongoDB clients can use TLS/SSL to encrypt connections to mongod and mongos instances.

To configure RESTHeart for TLS/SSL do as follows:

create the keystore importing the public certificate used by mongod using keytool (with keytool, the java tool to manage keystores of cryptographic keys)

 $ keytool -importcert -file mongo.cer -alias mongoCert -keystore rhTrustStore
 # asks for password, use "changeit"

specify the ssl option in the mongo-uri in the restheart yml configuration file:

 mongo-uri: mongodb://your.mongo-domain.com?ssl=true

start restheart with following options:

 $ java -server -Djavax.net.ssl.trustStore=rhTrustStore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.security.auth.useSubjectCredsOnly=false -jar restheart.jar restheart.yml
