Original URL: http://stackoverflow.com/questions/43635449/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
How to configure spring boot application to use SSL/TLS over MySQL?
Asked by Youssouf Maiga
I set up SSL on my MySQL server.
I generated a few certificates for the CA (ca.pem, ca-key.pem), for the client (client-cert.pem, client-key.pem) and for the server (server-cert.pem and server-key.pem).
In the Spring Boot configuration file, here is the link to MySQL defined in the application.yml file: jdbc:mysql://host:3306/bdd_name?useUnicode=true&characterEncoding=utf8&useSSL=true&requireSSL=true
I verified my certificates with openssl verify, and I also verified them by using a mysql client to set up a connection.
How do I link the Spring Boot application to my certificates (I have *.pem files) to finish my configuration?
Answered by gavenkoa
Check my answer: https://stackoverflow.com/a/51879119/173149
I don't like to pollute java options or system properties, which are useless in application containers in any case...
You can set the SSL certificate for the MySQL connection programmatically with:
jdbc:mysql://example.com:3306/MYDB?verifyServerCertificate=true&useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:cert/keystore.jks&clientCertificateKeyStorePassword=123456&trustCertificateKeyStoreUrl=file:cert/truststore.jks&trustCertificateKeyStorePassword=123456
It is documented:
Answered by Youssouf Maiga
You need to add the "*.pem" files (cert and key) to a keystore and the CA to a "truststore".
This link explains well how to create your own keystore and truststore: http://roopindersingh.com/programming/converting-pem-certificates-and-private-keys-to-jks/
After that, you have to add the JVM parameters:
-Djavax.net.ssl.keyStore=/path/to/keystore/keystore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=/path/to/keystore/truststore.jks
-Djavax.net.ssl.trustStorePassword=password
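The PEM-to-JKS conversion the answer above refers to, as an added example that is not part of the original answers. It assumes `openssl` and the JDK's `keytool` are on the PATH; the function name `pem_to_jks`, the aliases `mysql-client` and `mysql-ca`, and the `STOREPASS` variable are made up for this example.

```shell
#!/bin/sh
# Added example: build keystore.jks (client cert + key) and truststore.jks (CA only)
# from the PEM files named in the question.
# Usage: STOREPASS=... pem_to_jks ca.pem client-cert.pem client-key.pem OUT_DIR
pem_to_jks() {
    ca=$1 cert=$2 key=$3 out=$4
    # Password comes from the environment so it never appears in the process list.
    [ -n "${STOREPASS:-}" ] || { echo "set STOREPASS (6+ characters)" >&2; return 1; }
    export STOREPASS
    mkdir -p "$out" || return 1
    rm -f "$out/keystore.jks" "$out/truststore.jks" "$out/client.p12"

    # Stop early if the client certificate does not chain to the CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null || return 1

    # 1. Bundle the client certificate and its private key as PKCS#12.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -name mysql-client \
        -out "$out/client.p12" -passout env:STOREPASS || return 1

    # 2. Convert the PKCS#12 bundle into keystore.jks.
    keytool -importkeystore -noprompt \
        -srckeystore "$out/client.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STOREPASS \
        -destkeystore "$out/keystore.jks" -deststoretype JKS \
        -deststorepass:env STOREPASS >/dev/null 2>&1 || return 1

    # 3. Import only the CA certificate (never ca-key.pem) into truststore.jks.
    keytool -importcert -noprompt -alias mysql-ca -file "$ca" \
        -keystore "$out/truststore.jks" -storetype JKS \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1

    # The intermediate bundle holds the private key; remove it and lock down the stores.
    rm -f "$out/client.p12"
    chmod 600 "$out/keystore.jks" "$out/truststore.jks"
}
```

The `-Djavax.net.ssl.trustStore` property replaces the JVM's default trust store for every TLS connection the application makes, while the Connector/J URL properties shown in the first answer apply the stores to the MySQL connection only.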