配置 Java 运行时环境以使用 SSL
- 1.将证书从数据库服务器导入客户端上的 Java 信任库。
使用 Java keytool实用程序将证书导入信任库。
示例:假设服务器证书存储在名为 mydbserver.arm 的文件中。发出以下keytool实用程序语句以从文件 mydbserver.arm 读取证书,并将其存储在名为 mynewdbclient.jks 的信任库中。
keytool -import -trustcacerts -alias myalias -file mydbserver.arm -keystore mynewdbclient.jks
输入密钥库口令:myClientPwd00
再次输入新口令:myClientPwd00
所有者: CN=myhost.mycompany.com, OU=myOrganizationUnit, O=myOrganization, L=myLocation, ST=ON, C=CA
发布者: CN=myhost.mycompany.com, OU=myOrganizationUnit, O=myOrganization, L=myLocation, ST=ON, C=CA
序列号: 50f2e0248df97724
有效期为 Sun Nov 07 10:09:36 CST 2021 至 Tue Nov 08 10:09:36 CST 2022
证书指纹:
MD5: FB:9C:91:98:A1:52:94:33:B2:DB:54:F0:8C:E5:A9:77
SHA1: 70:7B:CF:7A:92:CC:62:7A:8F:44:57:3A:B4:09:B0:1C:F3:C6:A6:82
SHA256: 0C:A2:3A:F8:3C:05:66:15:9A:10:13:D5:85:E2:40:66:C3:B0:1C:9C:86:37:2E:89:85:46:AE:BD:CB:C9:D8:B2
签名算法名称: SHA1withRSA
主体公共密钥算法: 1024 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AA 73 BA 4F 10 18 B7 F9 D6 62 76 E4 62 11 52 16 .s.O.....bv.b.R.
0010: 93 77 4F 20 .wO
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA 73 BA 4F 10 18 B7 F9 D6 62 76 E4 62 11 52 16 .s.O.....bv.b.R.
0010: 93 77 4F 20 .wO
]
]
是否信任此证书? [否]: 是
证书已添加到密钥库中
- 2.java 代码:测试SSL方式连接DB2
import java.sql.*;
import java.util.Properties;
public class TestDb2SSL {
public static void main(String[] args) {
testSSLByUrl();
testSSLByProperties();
}
/**
* 测试通过属性参数连接数据库
*/
private static void testSSLByProperties() {
try {
Class.forName("com.ibm.db2.jcc.DB2Driver").newInstance();
String url = "jdbc:db2://192.168.5.131:60000/test";
Properties prop = new Properties();
prop.put("user", "db2inst1");
prop.put("password", "DB2_2021");
prop.put("sslConnection", "true");
prop.put("sslTrustStoreLocation", "D:\\DB2\\ssl\\mynewdbclient.jks");
prop.put("sslTrustStorePassword", "myClientPwd00");
System.out.println("测试通过属性参数连接数据库");
Connection conn = DriverManager.getConnection(url, prop);
System.out.println("连接正常! ");
PreparedStatement ps = conn.prepareStatement("SELECT current timestamp AS T from sysibm.dual");
ResultSet rs = ps.executeQuery();
rs.next();
System.out.println("T=" + rs.getObject(1));
conn.close();
} catch (Exception e) {
System.out.print(e);
}
}
/**
* 测试通过url方式连接方式
*/
private static void testSSLByUrl() {
try {
Class.forName("com.ibm.db2.jcc.DB2Driver").newInstance();
String url = "jdbc:db2://192.168.5.131:60000/test:sslTrustStorePassword=myClientPwd00;sslTrustStoreLocation=D:\\DB2\\ssl\\mynewdbclient.jks;sslConnection=true;";
String user = "db2inst1";
String password = "DB2_2021";
System.out.println("测试通过url方式连接方式");
Connection conn = DriverManager.getConnection(url, user, password);
System.out.println("连接正常!");
PreparedStatement ps = conn.prepareStatement("SELECT current timestamp AS T from sysibm.dual");
ResultSet rs = ps.executeQuery();
rs.next();
System.out.println("T=" + rs.getObject(1));
conn.close();
} catch (Exception e) {
System.out.print(e);
}
}
}
参考
https://www.ibm.com/docs/en/db2/10.5?topic=sqlj-data-server-driver-jdbc-support-ssl