使用Java与MySQL服务器的SSL连接
[英]SSL connection to MySQL server with Java
问题描述
我正在尝试使用Java over SSL连接到MySQL服务器。 我收到以下异常:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot connect to MySQL server on www.mysite.com:3306.
Make sure that there is a MySQL server running on the machine/port you are trying to connect to and that the machine this software is running on is able to connect to this host/port (i.e. not firewalled). Also make sure that the server has not been started with the --skip-networking flag.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
at com.mysql.jdbc.Util.getInstance(Util.java:382)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1013)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:987)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:982)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:927)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:827)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:378)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:305)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.UnsupportedOperationException: The method shutdownInput() is not supported in SSLSocket
at sun.security.ssl.BaseSSLSocketImpl.shutdownInput(Unknown Source)
at com.mysql.jdbc.MysqlIO.forceClose(MysqlIO.java:506)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2404)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2163)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:794)
... 25 more
这是我的代码:
properties = new Properties();
properties.put("user", "myuser");
properties.put("password", "mypassword");
properties.put("useSSL", "true");
System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "keystorepass");
System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "truststorepass");
connection = DriverManager.getConnection("jdbc:mysql://www.mysite.com:3306/mydatabase", properties);
细节
密钥库和信任库创建
我生成了密钥库和信任库,如下所示:
openssl pkcs12 -export -inkey client-key.pem -in client-cert.pem > keystore.p12
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
openssl x509 -outform der -in ca.pem -out ca.der
keytool -import -file ca.der -alias myCA -keystore truststore.jks
原始证书
这是我的证书清单:
- ca.pem
- 客户key.pem
- 客户cert.pem
- 服务器key.pem
- 服务器cert.pem
无SSL连接
以下代码工作正常,只是为了演示我可以用Java连接到MySQL服务器:
properties = new Properties();
properties.put("user", "myuser");
properties.put("password", "mypassword");
connection = DriverManager.getConnection("jdbc:mysql://www.mysite.com:3306/mydatabase", properties);
在命令行上使用MySQL时,SSL上的连接有效
我使用以下命令启动MySQL服务器:
mysqld --ssl-ca=ca.pem --ssl-cert=server-cert.pem --ssl-key=server-key.pem
然后我使用MySQL命令连接到它:
mysql --host=www.mysite.com --user=myuser --password=mypassword --database=mydatabase --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
这工作,并在查询SHOW STATUS LIKE 'Ssl_cipher'得到正确的结果:
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 个解决方案
解决方案1
1 2015-12-08 19:58:23
如果您遇到此问题,请至少确保将CA证书导入JRE的密钥库!
keytool -import -noprompt -trustcacerts -alias <uniqueCAAlias> -file ca.pem -keystore <pathtocacerts>
(您可能必须将“ca.pem”文件的名称更改为您自己的CA证书文件名)
请记住保持<uniqueCAAlias>独特的东西。 此外,更改<pathtocacerts>以使其与JVM的路径匹配。 请注意,这很可能是最高版本的JRE,但它也可能是SDK的JRE或安装的不同JRE(如“C:\\ Program Files \\ Java \\ jre1.8.0_25 \\ lib \\ security \\ cacerts”) )
您需要输入JVM信任库的密码:此密码始终为“changeit”。
我不能保证这会解决问题,但这是我在做这个工作时迈出的重要一步,我最终得到了它。
与浏览器和Java服务器建立客户端/服务器SSL连接?
[英]Establish client/server SSL connection with browser and my java server?
使用 Java 建立到 MySQL Amazon RDS (SSL/TLS) 的安全连接
[英]Using Java to establish a secure connection to MySQL Amazon RDS (SSL/TLS)
如何使用Java配置与Azure托管的MySQL的SSL连接?
[英]How to configure SSL connection to MySQL hosted on Azure with Java?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.