Connecting to MongoDb over SSL from a Java application
I have a MongoDb instance running (single instance) with SSL enabled. I am able to connect to it with RoboMongo where on SSL tab I provide the following:
CA File : /path to my certificate/testCA.pem
PEM certificate/key: /path to my key/testKey.pem
Which successfully connects. Now I'm trying to connect to the same mongodb from a Java app. I imported the testCA.pem into cacerts using the following command:
keytool -import -keystore cacerts -file testCA.pem -storepass changeit
and I can see a new entry added to the store. Tried to add the other key into it and it says invalid certificate. On the Java app I set system property as following:
System.setProperty ("javax.net.ssl.trustStore","C:\\Program Files\\Java\\jre1.8.0_91\\lib\\security\\cacerts");
System.setProperty ("javax.net.ssl.trustStorePassword","changeit");
I get the following error:
org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]
at org.springframework.data.mongodb.core.MongoExceptionTranslator.translateExceptionIfPossible(MongoExceptionTranslator.java:75)
at org.springframework.data.mongodb.core.MongoTemplate.potentiallyConvertRuntimeException(MongoTemplate.java:2075)
at org.springframework.data.mongodb.core.MongoTemplate.executeFindMultiInternal(MongoTemplate.java:1918)
What am I missing here, thanks in advance!
In addition to importing the CAFile.pem with the command:
(navigate to your java_home/jre/lib/security to run the commands)
1. keytool -import -trustcacerts -file testCA.pem -keystore cacerts -storepass "changeit"
I also had to export the key.pem into a pkcs12 format (default password 'changeit')
2. openssl pkcs12 -export -out mongodb.pkcs12 -in testKey.pem
and in addition to setting system property trustStore/password, keyStore/password should also be set:
System.setProperty ("javax.net.ssl.trustStore",JAVA_HOME + "\\lib\\security\\cacerts");
System.setProperty ("javax.net.ssl.trustStorePassword","changeit");
System.setProperty ("javax.net.ssl.keyStore",JAVA_HOME + "\\lib\\security\\mongodb.pkcs12");
System.setProperty ("javax.net.ssl.keyStorePassword","changeit");
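The same two stores can also be loaded into an `SSLContext` scoped to one connection instead of JVM-wide system properties, and the handshake tested directly against the server. This is an added example, not code from the question or the answer; the class name `MongoTlsCheck`, the environment variable `STORE_PASS` and the use of one password for both stores are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MongoTlsCheck {
    // Load a keystore file of the given type from disk.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Context that presents the client key from the PKCS12 file and trusts
    // only the CAs in the given trust store (assumed to share one password).
    static SSLContext buildContext(String p12, String trustStore, char[] pass)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", p12, pass), pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(KeyStore.getDefaultType(), trustStore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: STORE_PASS=... java MongoTlsCheck <host> <port> <client.pkcs12> <truststore>
    public static void main(String[] a) throws Exception {
        String env = System.getenv("STORE_PASS"); // hypothetical variable name
        if (env == null) throw new IllegalStateException("STORE_PASS is not set");
        char[] pass = env.toCharArray();
        SSLContext ctx = buildContext(a[2], a[3], pass);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(a[0], Integer.parseInt(a[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name in the server certificate
            s.setSSLParameters(p);
            // Fails if the server certificate does not chain to the trust store or does not match the host.
            s.startHandshake();
            System.out.println("Handshake OK: " + s.getSession().getProtocol() + " peer=" + s.getSession().getPeerPrincipal());
        }
    }
}
```

A server that requires a client certificate and receives none, or one it does not accept, closes the connection during the handshake or on the first read after it.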