I am trying to establish an SSL connection between JDBC and AWS RDS. Here, I created a keystore using the following commands:
# convert certificate into java understandable format
openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
# importing the certificate to keystore
sudo keytool -keystore keystore -alias rds_postgresql -import -file rds-combined-ca-bundle.der
Then I set the keystore path and keystore password directly in the application:
System.setProperty("javax.net.ssl.keyStore", "/path/of/the/keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "******");
However, after adding all these settings, I get the following error:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_131]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_131]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_131]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_131]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_131]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_131]
Is there something wrong here?
I followed this tutorial to set up SSL:
https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
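Best answer
Since rds-combined-ca-bundle.pem contains a bunch of certificates, if we split them, create a .pem file for each certificate, and import them into the keystore separately, it will work.
The problem was caused by importing the entire RDS certificate bundle into the keystore.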
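The split-and-import step from the answer, as an added example that is not part of the original post: `openssl x509` reads only the first certificate in its input, so the single .der file built from the bundle holds one CA and the rest never reach the keystore. The function names, the `rds-ca-NN` file names and aliases, and the `KEYSTORE_PASS` environment variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: split a PEM bundle into one file per certificate, then
# import each file under its own alias. Names below are assumptions.

# split_bundle BUNDLE OUTDIR -> writes OUTDIR/rds-ca-NN.pem, prints the count
split_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/rds-ca-%02d.pem", dir, n) }
        out != ""                     { print > (out) }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$bundle"
}

# import_all OUTDIR KEYSTORE -> one keytool call per split file.
# keytool accepts PEM input directly, so no DER conversion is needed.
# The store password is read from the KEYSTORE_PASS environment variable
# so that it does not show up in the process list.
import_all() {
    outdir=$1; keystore=$2
    for pem in "$outdir"/rds-ca-*.pem; do
        [ -f "$pem" ] || continue
        entry=$(basename "$pem" .pem)
        keytool -importcert -noprompt -keystore "$keystore" \
            -storepass:env KEYSTORE_PASS -alias "$entry" -file "$pem" || return 1
    done
}

# Runs only when called as: script.sh BUNDLE KEYSTORE
if [ "$#" -eq 2 ]; then
    workdir=$(mktemp -d) || exit 1
    count=$(split_bundle "$1" "$workdir") || exit 1
    echo "split $count certificates from $1"
    import_all "$workdir" "$2" &&
        keytool -list -keystore "$2" -storepass:env KEYSTORE_PASS
fi
```

The final `keytool -list` should report as many entries as the split step counted. The JVM's default TLS trust manager reads CA certificates from the store named by `javax.net.ssl.trustStore`, while `javax.net.ssl.keyStore` supplies the client's own key material.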
About java - MySQL RDS and JDBC SSL connection gives error: unable to find valid certification path to requested target, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/47072254/