mysql 证书双向认证_证书双向认证 - 一刀的个人空间 - OSCHINA - 中文开源技术交流社区...

最新推荐文章于 2022-11-27 00:39:05 发布
最新推荐文章于 2022-11-27 00:39:05 发布
阅读量225 收藏
点赞数
文章标签: mysql 证书双向认证
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_32589453/article/details/114337593
版权
本文详细介绍了如何配置MySQL的证书双向认证,包括Nginx、Tomcat和SpringBoot的配置步骤,并提供了相关代码示例。同时,还讲解了客户端如何进行证书校验和加载,确保安全的数据传输。
摘要由CSDN通过智能技术生成

服务端

Nginx配置

server {

listen 8800 ssl;

server_name 127.0.0.1;

ssl_certificate /usr/local/NSP/nginx/certificate/nginx.crt;

ssl_certificate_key /usr/local/NSP/nginx/certificate/nginx.key;

ssl_password_file /usr/local/NSP/nginx/certificate/fifo;

ssl_protocols TLSv1.2;

ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES256-SHA:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";

ssl_prefer_server_ciphers on;

ssl_dhparam ./ssl/dh2048.pem;

root /usr/local/NSP/nginx/html/deployui;

location /GatewayService/ {

proxy_pass https://10.31.31.112:18006/GatewayService/;

#如果证书里面配置了common name,且和proxy_pass中的ip不匹配,设置此参数为common name

proxy_ssl_name server.xncoding.com;

proxy_ssl_protocols TLSv1.1 TLSv1.2;

proxy_ssl_certificate /usr/local/NSP/nginx/certificate/nginx.crt;

proxy_ssl_certificate_key /usr/local/NSP/nginx/certificate/nginx.key;

proxy_ssl_password_file /usr/local/NSP/nginx/certificate/fifo;

proxy_ssl_trusted_certificate /usr/local/NSP/nginx/certificate/root.crt;

proxy_ssl_verify on;

proxy_ssl_verify_depth 2;

proxy_connect_timeout 600s;

proxy_read_timeout 600s;

proxy_send_timeout 600s;

default_type application/json;

proxy_intercept_errors off;

break;

}

}

Tomcat配置

注意下面的truststoreAlgorithm="SunX509" 是在tomcat8.5版本之后必须要添加的配置

acceptCount="100" maxHttpHeaderSize="8192" maxKeepAliveRequests="100"

scheme="https" secure="true"

keystoreFile="conf/server.p12"

keystorePass="222222"

keystoreType="PKCS12"

clientAuth="true"

truststoreFile="conf/root.p12"

truststorePass="333333"

truststoreType="PKCS12"

truststoreAlgorithm="SunX509"

ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

maxPostSize="10240" connectionTimeout="20000"

allowTrace="false" xpoweredBy="false"

server="WebServer"

URIEncoding="UTF-8" sslEnabledProtocols="TLSv1.2,TLSv1.1"/>

SpringBoot配置

server:

ssl:

enabled: true

key-store: /cert/server.p12

key-store-password: 222222

key-store-type: PKCS12

trust-store: /cert/root.p12

trust-store-password: 333333

trust-store-type: PKCS12

client-auth: need

客户端

客户端RestTemplate

maven依赖

org.springframework.cloud

spring-cloud-commons

provided

com.sun.jersey.contribs

jersey-apache-client4

1.19.1

com.netflix.eureka

eureka-client

provided

org.springframework.boot

spring-boot-configuration-processor

provided

org.springframework.boot

spring-boot-autoconfigure

provided

org.springframework.boot

spring-boot-starter-web

provided

org.slf4j

slf4j-api

provided

HttpClientProperties类

@Component

@ConfigurationProperties(prefix = "dc.security.https.httpclient")

public class HttpClientProperties {

/**

* 是否开启服务端证书校验

*/

private boolean enabled = true;

/**

* 是否开启客户端证书发送

*/

private boolean clientCert = false;

/**

* 是否支持客户端负载均衡

*/

private boolean loadBalanced = true;

/**

* 是否支持eureka注册发现

*/

private boolean eureka = true;

/**

* CA根证书密钥库文件

*/

private String caRootCertKeyStore;

/**

* CA根证书密钥库密码

*/

private String caRootCertPassword;

/**

* 客户端证书库文件

*/

private String clientCertKeyStore;

/**

* 客户端证书库密码

*/

private String clientCertPassword;

/**

* 建立连接的超时时间

*/

private int connectTimeout = 20000;

/**

* 连接不够用的等待时间

*/

private int requestTimeout = 20000;

/**

* 每次请求等待返回的超时时间

*/

private int socketTimeout = 30000;

/**

* 每个主机最大连接数

*/

private int defaultMaxPerRoute = 100;

/**

* 最大连接数

*/

private int maxTotalConnections = 300;

/**

* 连接保持活跃的时间(Keep-Alive)

*/

private int defaultKeepAliveTimeMillis = 20000;

/**

* 空闲连接的生存时间

*/

private int closeIdleConnectionWaitTimeSecs = 30;

}

X509Util工具类

public class X509Util {

private static final Logger logger = LoggerFactory.getLogger(X509Util.class);

public static SSLContext initSslContext(HttpClientProperties properties) {

// 加载服务端信任Keystore

X509TrustManager origTrustmanager = getX509TrustManager(properties);

TrustManager[] wrappedTrustManagers = new TrustManager[]{

new X509TrustManager() {

@Override

public X509Certificate[] getAcceptedIssuers() {

logger.debug(">>>>>>>>>>>>>> getAcceptedIssuers 00000000000000000 start ...");

return origTrustmanager.getAcceptedIssuers();

}

@Override

public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {

logger.debug(">>>>>>>>>>>>>> checkClientTrusted 111111111111 start ...");

origTrustmanager.checkClientTrusted(certs, authType);

}

@Override

public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {

logger.debug(">>>>>>>>>>>>>> checkServerTrusted 222222222222222 start ...");

// Original trust checking

origTrustmanager.checkServerTrusted(certs, authType);

if (certs.length > 1) {

for (int i = 1; i < certs.length; i++) {

X509Certificate ca = certs[i];

// 根证书的扩展属性中“基本限制”属性是否包括“CA”

if (ca.getBasicConstraints() == -1) {

logger.error("check CA certificate error");

throw new CertificateException("not a CA certificate");

}

// 根证书的扩展属性中“密钥用法”中是否包括“证书签名”属性

/*

* KeyUsage ::= BIT STRING {

* digitalSignature (0),

* nonRepudiation (1),

* keyEncipherment (2),

* dataEncipherment (3),

* keyAgreement (4),

* keyCertSign (5),

* cRLSign (6),

* encipherOnly (7),

* decipherOnly (8) }

*/

boolean[] keyUsages = ca.getKeyUsage();

if (!keyUsages[5]) {

logger.error("check keyusage keyCertSign error");

throw new CertificateException("keyusage has not value keyCertSign");

}

}

}

}

}

};

try {

SSLContext sslContext = SSLContext.getInstance("TLS");

if (properties.isClientCert()) { // 如果开启客户端证书校验,则需要发送客户端证书

sslContext.init(getX509KeyManagers(properties), wrappedTrustManagers, new java.security.SecureRandom());

} else { // 否则不需要发送客户端证书

sslContext.init(null, wrappedTrustManagers, new java.security.SecureRandom());

}

return sslContext;

} catch (NoSuchAlgorithmException | KeyManagementException e) {

throw new RuntimeException("init sslContext error");

}

}

public static X509TrustManager getX509TrustManager(HttpClientProperties properties) {

String caRootCertKeyStore = properties.getCaRootCertKeyStore();

try {

PathUtils.checkRegularAndSecure(caRootCertKeyStore);

} catch (SecurityException e) {

throw new RuntimeException("init trustManager, check regular and secure error", e);

}

try (FileInputStream rootKeyStore = new FileInputStream(caRootCertKeyStore)) {

// 加载服务端信任根证书库

KeyStore trustKeyStore = KeyStore.getInstance("PKCS12");

trustKeyStore.load(rootKeyStore, properties.getCaRootCertPassword().toCharArray());

// 初始化服务端信任证书管理器

TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

tmf.init(trustKeyStore);

TrustManager[] trustManagers = tmf.getTrustManagers();

return (X509TrustManager) trustManagers[0];

} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException e) {

throw new RuntimeException("init trustManager error", e);

}

}

private static KeyManager[] getX509KeyManagers(HttpClientProperties properties) {

String clientCertKeyStore = properties.getClientCertKeyStore();

try {

PathUtils.checkRegularAndSecure(clientCertKeyStore);

} catch (SecurityException e) {

throw new RuntimeException("init KeyManager, check regular and secure error", e);

}

try (FileInputStream clientKeystore = new FileInputStream(clientCertKeyStore)) {

// 加载客户端证书库

KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");

clientKeyStore.load(clientKeystore, properties.getClientCertPassword().toCharArray());

KeyManagerFactory keyManagerFactory = KeyManagerFactory

.getInstance(KeyManagerFactory.getDefaultAlgorithm());

keyManagerFactory.init(clientKeyStore, properties.getClientCertPassword().toCharArray());

return keyManagerFactory.getKeyManagers();

} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException e) {

throw new RuntimeException("init keyManagers error", e);

}

}

}

ICrlService服务类

public interface ICrlService {

/**

* 实现此方法查询证书吊销列表

*

* @return 证书吊销序列号集合

*/

Set getCrlList();

}

AbstractUserInfoInterceptor

public abstract class AbstractUserInfoInterceptor implements HttpRequestInterceptor {

private static final Logger _logger = LoggerFactory.getLogger(AbstractUserInfoInterceptor.class);

/**

* 内部微服务之间调用增加的用户信息头

*/

private static final String HEADER_ACCESS_USER = "access-user";

public void process(HttpRequest request, HttpContext context) {

_logger.debug("ClientIPInterceptor start to handle...");

request.addHeader(HEADER_ACCESS_USER, loadUserInfo());

}

/**

* 加载用户信息

*

* @return 用户信息

*/

protected abstract String loadUserInfo();

}

AbstractClientIPInterceptor

public abstract class AbstractClientIPInterceptor implements HttpRequestInterceptor {

private static final Logger _logger = LoggerFactory.getLogger(AbstractClientIPInterceptor.class);

/**

* 内部微服务之间调用增加的IP地址头

*/

private static final String HEADER_X_REMOTE_USER_IP = "X-Remote-User-IP";

public void process(HttpRequest request, HttpContext context) {

_logger.debug("ClientIPInterceptor start to handle...");

request.addHeader(HEADER_X_REMOTE_USER_IP, loadRemoteClientIp());

}

/**

* 加载用户真实IP地址

*

* @return 用户真实IP地址

*/

protected abstract String loadRemoteClientIp();

}

SecurityEurekaClientConfig

@Configuration

@EnableConfigurationProperties({HttpClientProperties.class})

@ConditionalOnProperty(value = "dc.security.https.httpclient.eureka", havingValue = "true", matchIfMissing = true)

public class SecurityEurekaClientConfig {

private static final Logger logger = LoggerFactory.getLogger(SecurityEurekaClientConfig.class);

@Autowired

private HttpClientProperties properties;

@Bean

public DiscoveryClient.DiscoveryClientOptionalArgs discoveryClientOptionalArgs() {

logger.info("DiscoveryClient.DiscoveryClientOptionalArgs init ...");

EurekaJerseyClientImpl.EurekaJerseyClientBuilder builder = new EurekaJerseyClientImpl.EurekaJerseyClientBuilder();

builder.withClientName("eureka-client");

builder.withCustomSSL(sslContextEureka());

builder.withMaxTotalConnections(10);

builder.withMaxConnectionsPerHost(10);

DiscoveryClient.DiscoveryClientOptionalArgs args = new DiscoveryClient.DiscoveryClientOptionalArgs();

args.setEurekaJerseyClient(builder.build());

return args;

}

private SSLContext sslContextEureka() {

logger.info("SecurityEurekaClientConfig init sslContext...");

return X509Util.initSslContext(properties);

}

}

主配置类SecurityHttpClientConfig

/**

* 支持HTTPS协议访问和证书双向认证的HttpClient配置类

*

* @author x00482439

* @version v1.0, 2019-05-14

* @since Security SDK

*/

@Configuration

@ConditionalOnProperty(value = "dc.security.https.httpclient.enabled", havingValue = "true")

@EnableScheduling

@EnableConfigurationProperties({HttpClientProperties.class})

public class SecurityHttpClientConfig {

private static final Logger logger = LoggerFactory.getLogger(SecurityHttpClientConfig.class);

@Autowired

private HttpClientProperties properties;

@Autowired

protected ApplicationContext context;

@Bean(name = "simpleRestTemplate")

@ConditionalOnMissingBean(name = "simpleRestTemplate")

@ConditionalOnProperty(value = "dc.security.https.httpclient.simple", havingValue = "true")

public RestTemplate simpleRestTemplate(RestTemplateBuilder restTemplateBuilder) {

logger.info("simple RestTemplate initialize");

return restTemplateBuilder.build();

}

@Bean(name = "restTemplate")

@ConditionalOnMissingBean(name = "restTemplate")

@ConditionalOnProperty(value = "dc.security.https.httpclient.load-balanced", havingValue = "true", matchIfMissing = true)

@LoadBalanced

public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder) {

logger.info("loadBalanced RestTemplate initialize");

return restTemplateBuilder.build();

}

@Bean

@DependsOn(value = {"customRestTemplateCustomizer"})

public RestTemplateBuilder restTemplateBuilder(

MappingJackson2HttpMessageConverter jackson2HttpMessageConverter, SSLContext sslContext) {

RestTemplateBuilder builder = new RestTemplateBuilder(customRestTemplateCustomizer(sslContext));

List> messageConverters = new ArrayList<>();

StringHttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter(StandardCharsets.UTF_8);

FormHttpMessageConverter formMessageConverter = new FormHttpMessageConverter();

messageConverters.add(stringHttpMessageConverter);

messageConverters.add(jackson2HttpMessageConverter);

messageConverters.add(formMessageConverter);

builder.messageConverters(messageConverters);

return builder;

}

@Bean

public RestTemplateCustomizer customRestTemplateCustomizer(SSLContext sslContext) {

return restTemplate -> {

HttpComponentsClientHttpRequestFactory rf = new HttpComponentsClientHttpRequestFactory();

rf.setHttpClient(httpClient(sslContext));

restTemplate.setRequestFactory(rf);

};

}

@Bean

public SSLContext sslContext() {

logger.info("SecurityHttpClientConfig init sslContext...");

return X509Util.initSslContext(properties);

}

@Bean

public PoolingHttpClientConnectionManager poolingConnectionManager(SSLContext sslContext) {

SSLConnectionSocketFactory sslsf;

try {

HostnameVerifier hostnameVerifier = (s, sslSession) -> {

try {

Certificate[] certs = sslSession.getPeerCertificates();

X509Certificate x509 = (X509Certificate) certs[0];

} catch (SSLPeerUnverifiedException e) {

logger.error("hostnameVerifier error", e);

return false;

}

return true;

};

sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);

} catch (Exception e) {

logger.error("Pooling Connection Manager Initialisation failure");

throw new RuntimeException("Pooling Connection Manager Initialisation failure", e);

}

Registry socketFactoryRegistry = RegistryBuilder

.create()

.register("https", sslsf)

.register("http", new PlainConnectionSocketFactory())

.build();

PoolingHttpClientConnectionManager poolingConnectionManager

= new PoolingHttpClientConnectionManager(socketFactoryRegistry);

poolingConnectionManager.setMaxTotal(properties.getMaxTotalConnections()); //连接池最大连接数

poolingConnectionManager.setDefaultMaxPerRoute(properties.getDefaultMaxPerRoute()); //同路由最大连接数

return poolingConnectionManager;

}

@Bean

public ConnectionKeepAliveStrategy connectionKeepAliveStrategy() {

return (response, httpContext) -> {

HeaderElementIterator it = new BasicHeaderElementIterator

(response.headerIterator(HTTP.CONN_KEEP_ALIVE));

while (it.hasNext()) {

HeaderElement he = it.nextElement();

String param = he.getName();

String value = he.getValue();

if (value != null && param.equalsIgnoreCase("timeout")) {

return Long.parseLong(value) * 1000;

}

}

return properties.getDefaultKeepAliveTimeMillis();

};

}

private CloseableHttpClient httpClient(SSLContext sslContext) {

RequestConfig requestConfig = RequestConfig.custom()

.setConnectionRequestTimeout(properties.getRequestTimeout()) //从池中获取请求的时间

.setConnectTimeout(properties.getConnectTimeout()) //连接到服务器的时间

.setSocketTimeout(properties.getSocketTimeout()).build(); //读取信息时间

HttpClientBuilder httpClientBuilder = HttpClients.custom()

.setDefaultRequestConfig(requestConfig)

.setConnectionManager(poolingConnectionManager(sslContext))

.setConnectionManagerShared(true)

.setKeepAliveStrategy(connectionKeepAliveStrategy())

.setRetryHandler(new DefaultHttpRequestRetryHandler(3, true));

// 增加请求拦截器

Map interceptorMap = context.getBeansOfType(HttpRequestInterceptor.class);

if (interceptorMap.size() > 0) {

for (HttpRequestInterceptor interceptor : interceptorMap.values()) {

httpClientBuilder.addInterceptorLast(interceptor);

}

}

return httpClientBuilder.build();

}

/**

* You can't set an idle connection timeout in the config for Apache HTTP Client. The reason is that there is a

* performance overhead in doing so.

*

* The documentation clearly states why, and gives an example of an idle connection monitor implementation you can

* copy. Essentially this is another thread that you run to periodically call closeIdleConnections on

* HttpClientConnectionManager

*

* http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html

*

* @return 线程

*/

@Bean

public Runnable idleConnectionMonitor() {

return new Runnable() {

@Override

@Scheduled(fixedDelay = 10000)

public void run() {

try {

PoolingHttpClientConnectionManager connectionManager = poolingConnectionManager(sslContext());

logger.trace("run IdleConnectionMonitor - Closing expired and idle connections...");

connectionManager.closeExpiredConnections();

connectionManager

.closeIdleConnections(properties.getCloseIdleConnectionWaitTimeSecs(), TimeUnit.SECONDS);

} catch (Exception e) {

logger.error("run IdleConnectionMonitor - Exception occurred.", e);

}

}

};

}

@Bean

@ConditionalOnMissingBean(TaskScheduler.class)

public TaskScheduler taskScheduler() {

ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();

scheduler.setThreadNamePrefix("poolScheduler");

scheduler.setPoolSize(10);

return scheduler;

}

@Bean

@ConditionalOnMissingBean(ICrlService.class)

public ICrlService crlService() {

return HashSet::new;

}

}

客户端配置

dc:

security:

https:

httpclient:

enabled: true

ca-root-cert-key-store: /cert/root.p12 #根证书库

ca-root-cert-password: 333333 #根证书库密码

client-cert: true #开启客户端证书

client-cert-key-store: /cert/server.p12 #客户端证书库

client-cert-password: 222222 #客户端证书库密码

天使投资人Adam
关注
Nginx SSL模块配置提供HTTPS支持(Ngx_http_ssl_module)
Gao_ning的博客
01-29 1万+
Ngx_http_ssl_module:此模块为Nginx提供HTTPS支持; 官方文档:http://nginx.org/en/docs/http/ngx_http_ssl_module.html 相关指令:     ssl on/off:SSL功能启用/不启用;     ssl_buffer_size:设置用于发送数据的缓冲区大小;     ssl_certificate
http rest JAVA_HttpClient的RestTemplate - Java配置示例
weixin_30768881的博客
02-15 228
HttpClient配置在HttpClientConfig课堂上,我们主要配置两件事 -并设置一个idleConnectionMonitor线程,它会定期检查所有连接并释放尚未使用的空闲时间和空闲时间。真正使用的http客户端是RestTemplate用于获取与API端点的连接。import java.security.KeyManagementException;import java.secu...
mysql 证书双向认证_https证书双向验证
weixin_35620837的博客
01-19 202
{"moduleinfo":{"card_count":[{"count_phone":1,"count":1}],"search_count":[{"count_phone":4,"count":4}]},"card":[{"des":"阿里云数据库专家保驾护航,为用户的数据库应用系统进行性能和风险评估,参与配合进行数据压测演练,提供数据库优化方面专业建议,在业务高峰期与用户共同保障数据库系统平...
CRT、CER、PEM、DER编码、JKS、KeyStore等格式证书说明及转换
changcsw的专栏
05-26 5326
文章参考及借鉴学习: https://blog.csdn.net/jiang877864109/article/details/113416923 https://blog.csdn.net/xiangguiwang/article/details/76400805 https://blog.csdn.net/carcoon/article/details/106133668 https://blog.csdn.net/qq_18105691/article/details/83339101.
nginx(六十八)proxy模块(八)nginx与上游的ssl握手
wzj_110的博客
11-27 4286
对上游使用证书(指定自身使用的证书)的SSL/TLS握手。nginx与后端选择。nginx作为客户端。④ 验证上游的证书
基于小程序云开发的体育场馆预约小程序研发总结 - CC同学呀的个人空间 - OSCHINA - 中文开源技术交流社区.html
最新发布
11-16
基于小程序云开发的体育场馆预约小程序研发总结 - CC同学呀的个人空间 - OSCHINA - 中文开源技术交流社区.html
mysql查询95031班人数_MySQL的查询练习 - osc_1ngzqx2h的个人空间 - OSCHINA - 中文开源技术交流社区...
weixin_29094775的博客
01-28 2648
student表 teacher表 course表 score表 对这四个表进行一些练习。1:查询student表中所有记录。select *from student;2:查询student表中name/sex/classid这些列。select name,sex,classid from student;3:查询教师中不重复的单位department。select distinct depar...
mysql跳过报错继续导入_MySQL 导入数据 - osc_pwohted5的个人空间 - OSCHINA - 中文开源技术交流社区...
weixin_35705784的博客
02-19 1622
MySQL 导入数据本章节我们为大家介绍几种简单的 MySQL 导出的数据的命令。1、mysql 命令导入使用 mysql 命令导入语法格式为:mysql -u用户名 -p密码 < 要导入的数据库数据(runoob.sql)实例:# mysql -uroot -p123456 < runoob.sql以上命令将将备份的整个数据库 runoob.sql 导入。2、source 命令导入s...
策略模式与模板模式的区别 - Eviltuzki的个人页面 - OSCHINA - 中文开源技术交流社区.mht
06-28
策略模式与模板模式的区别 - Eviltuzki的个人页面 - OSCHINA - 中文开源技术交流社区.mht
h2数据库支持mysql语法吗_H2数据库攻略 - Yemon的个人空间 - OSCHINA - 中文开源技术交流社区...
weixin_36294980的博客
02-15 1117
欢迎入群技术交流:466355109,技术不全没关系,只要有交流的心就尽管来吧H2是一个开源的嵌入式数据库引擎,采用java语言编写,不受平台的限制,同时H2提供了一个十分方便的web控制台用于操作和管理数据库内容。H2还提供兼容模式,可以兼容一些主流的数据库,因此采用H2作为开发期的数据库非常方便。一、引入Maven依赖在maven中定义H2数据库的版本属性1.3.172ataNode对象}添加...
支持国密SSL通信协议的TOMCAT8.5.45,大宝CA版本,0.99版本,2019.09.17
09-17
使用方法见:https://blog.csdn.net/upset_ming/article/details/94435288 1. 修改了以前版本中的一些BUG 2. 可以适配360、密信、海泰等国密浏览器 3. 支持国密SSL双向认证
ssl证书申请以及nginx证书的配置
CSDN文章已停止维护,后续文章会在 https://blog.hufeifei.cn 持续更新
06-03 6648
准备知识 SSL/TLS:这两个分别是Secure Socket Layer(安全套接字层),Transport Layer Security(传输层安全)的缩写。TLS是SSL的继承者,如果不是搞安全的专业人员,完全可以认为他们是一样的东西。 关于这两者的差异可以参考https://kb.cnblogs.com/page/197396/ key:因为SSL/TLS使用非对称加密算法
【Nginx】反向代理流程一
Edidaughter的博客
11-14 774
1.作用 The ngx_http_proxy_module module allows passing requests to another server. ngx_http_proxy_module可以实现功能转发. 2.ngx_http_proxy_module的总括 官方文档 http://nginx.org/en/docs/http/ngx_http_proxy_module.html Example Configuration location / { proxy.
java ssl握手日志 was_在websphere app server中添加了密码ssl-rsa-u和密码aes-128-gcm-sha256,但在日志中看不到,发生握手异常...
weixin_31855625的博客
02-27 171
我们正在WebSphere和TLSV1.2系统之间进行集成,由于密码不匹配[证书和客户端TLS版本匹配],它将引发握手异常。我们已经将所需的密码添加到服务器[ssl_sa_rsa_with_aes_128_gcm_sha256]中,但它没有显示在日志中。所以握手失败了。[根据目标系统网络团队,以下列出的所有密码均为TLSV1,因此无法添加到其服务器中]从SSL日志:Cipher Suites: [...
手把手教你Nginx常用模块详解之ngx_stream_ssl_module(七)
菜鸟路上的小白
08-14 3170
ssl_client_cert以建立的SSL连接的PEM格式返回客户端证书,每行除第一行加上制表符(1.11.8);$ssl_client_i_dn根据RFC 2253(1.11.8),为建立的SSL连接返回客户端证书的“颁发者DN”字符串;$ssl_client_raw_cert以建立的SSL连接(1.11.8)的PEM格式返回客户证书;$ssl_client_s_dn根据RFC 2253(1.11.8)返回已建立的SSL连接的客户端证书的“主题DN”字符串;启用客户端证书的验证。............
proxy如何解决需要用户名密码
热门推荐
long_live_zlp的博客
03-15 1万+
首先获取代理, 并且判断是否代理打开/** * 获取代理 * * @return */ private Map&lt;String,Object&gt; getProxy() { Map&lt;String,Object&gt; map = new HashMap&lt;String,Object&gt;(); HttpHos...
【SSL+Tomcat】Tomcat怎么部署SSL证书
想和派大星一样
10-04 2484
基础环境: CentOS 7.6 Tomcat 8 前提条件: 你需要申请一个ssl证书,申请获得的证书结构正常是这样的,这里我们只需要用到Tomcat目录里的文件 Tomcat文件夹中一般有两个文件,一个是秘钥库文件(域名.jks),还有一个是秘钥库密码文件(因为我这里自己设置了私钥密码,所以没有这个文件) 部署步骤: 这里修改的文件都在/opt/****/apache-t...
新特性解读 | MySQL 8.0 多因素身份认证
ActionTech的博客
03-16 4393
作者:金长龙 爱可生测试工程师,负责DMP产品的测试工作 本文来源:原创投稿 *爱可生开源社区出品,原创内容未经授权不得随意使用,转载请联系小编并注明来源。 MySQL 8.0.27 增加了多因素身份认证(MFA)功能,可以为一个用户指定多重的身份校验。为此还引入了新的系统变量 authentication_policy ,用于管理多因素身份认证功能。 我们知道在 MySQL 8.0.27 之前,create user 的时候可以指定一种认证插件,在未明确指定的情况下会取系统变量 default_au.
查看/usr/local/ 下的文件 mac
weixin_34413802的博客
10-27 3382
查看/usr/local/ 下的文件 mac Mac下/usr/local目录默认是对于Finder是隐藏,如果需要到/usr/local下去,打开Finder,然后使用command+shift+G,在弹出的目录中填写/usr/local就可以了。 posted on 2...
java并发生成编号_高并发生成订单号 - 新时代搬砖的个人空间 - OSCHINA - 中文开源技术交流社区...
06-10
1.使用数据库自增主键:在数据库中创建一个自增主键,每次插入订单时自动获取主键值作为订单号。这种方式可以保证唯一性和可读性,但在高并发场景下可能会出现性能问题。 2.使用分布式ID生成器:采用分布式ID生成器...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值