
How to use cacerts and jks truststore together

How to use cacerts and jks together in one Spring Boot application.

Now I am using external loading by cacert script at application start

-Djavax.net.ssl.trustStore="/opt/app/cacerts" \

Now to work with another microservice I need to configure another SSL. I was given a jks file for setting up an SSL.

How to add another truststore jks?

It looks like spring boot is by default loading the jdk trusted certificates during boot-up. Try to run your application with the following vm argument: -Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake while having an application.properties file setup like below

I have tried it with a basic setup and have only configured my application properties file, see the content below.

server:
  port: 8443
  ssl:
    enabled: true
    key-store: classpath:identity.jks
    key-password: secret
    key-store-password: secret
    trust-store: classpath:truststore.jks
    trust-store-password: secret
    client-auth: need

When booting up my application I see in the logs that spring first loads the default jdk truststore (cacerts) with 93 trusted certificates and afterwards it also loads the key entry and another trusted certificate. These two entries originate from my keystore and truststore. So you don't need to programmatically combine the jdk truststore and your own truststore and supply it to spring. So could you try to remove your -Djavax.net.ssl.trustStore="/opt/app/cacerts" \ line and adjust your application.properties file with referencing only to your custom jks file as a truststore?
