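mongodb ssl java: Connecting to MongoDB over SSL from a Java application

This article describes problems encountered when connecting a Java application to MongoDB over SSL, covering certificate import, system property settings and error handling. The solution involves importing the CA and the private key and configuring the trust store correctly.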

I have a MongoDb instance running (single instance) with SSL enabled. I am able to connect to it with RoboMongo, where on the SSL tab I provide the following:

CA File : /path to my certificate/testCA.pem

PEM certificate/key: /path to my key/testKey.pem

Which successfully connects. Now I'm trying to connect to the same MongoDB from a Java app. I imported the testCA.pem into cacerts using the following command:

keytool -import -keystore cacerts -file testCA.pem -storepass changeit

and I can see a new entry added to the store. Tried to add the other key into it and it says invalid certificate. On the Java app I set system property as following:

System.setProperty ("javax.net.ssl.trustStore","C:\\Program Files\\Java\\jre1.8.0_91\\lib\\security\\cacerts");

System.setProperty ("javax.net.ssl.trustStorePassword","changeit");

and I'm getting the following error:

org.springframework.dao.DataAccessResourceFailureException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]; nested exception is com.mongodb.MongoTimeoutException: Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=Unknown, servers=[{address=test.mongo.com:27017, type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: Exception opening the socket}, caused by {java.io.EOFException}}]

at org.springframework.data.mongodb.core.MongoExceptionTranslator.translateExceptionIfPossible(MongoExceptionTranslator.java:75)

at org.springframework.data.mongodb.core.MongoTemplate.potentiallyConvertRuntimeException(MongoTemplate.java:2075)

at org.springframework.data.mongodb.core.MongoTemplate.executeFindMultiInternal(MongoTemplate.java:1918)

What am I missing here, thanks in advance!

Solution

In addition to importing the CAFile.pem with the command:

(navigate to your java_home/jre/lib/security to run the commands)

1. keytool -import -trustcacerts -file testCA.pem -keystore cacerts -storepass "changeit"

I also had to export the key.pem into pkcs12 format (default password 'changeit')

2. openssl pkcs12 -export -out mongodb.pkcs12 -in testKey.pem

and in addition to setting system property trustStore/password, keyStore/password should also be set:

System.setProperty ("javax.net.ssl.trustStore",JAVA_HOME + "\\lib\\security\\cacerts");

System.setProperty ("javax.net.ssl.trustStorePassword","changeit");

System.setProperty ("javax.net.ssl.keyStore",JAVA_HOME + "\\lib\\security\\mongodb.pkcs12");

System.setProperty ("javax.net.ssl.keyStorePassword","changeit");
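
An added example (not part of the original answer), using only JDK classes: it builds an SSLContext from testCA.pem and mongodb.pkcs12 without modifying the JRE cacerts file, then performs a handshake and reports whether a client certificate was actually presented. The class name MongoTlsCheck, the MONGO_P12_PASS environment variable and the argument order are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class MongoTlsCheck {
    // Trust only the CA(s) in caPem; present the client key/cert stored in the PKCS12 file.
    static SSLContext build(String caPem, String p12, char[] pass) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // empty in-memory store; the JRE cacerts file is not modified
        try (InputStream in = new FileInputStream(caPem)) {
            int i = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                trust.setCertificateEntry("mongo-ca-" + i++, c);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12)) { keys.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java MongoTlsCheck testCA.pem mongodb.pkcs12 test.mongo.com 27017
    public static void main(String[] args) throws Exception {
        char[] pass = System.getenv("MONGO_P12_PASS").toCharArray(); // assumed variable name
        SSLContext ctx = build(args[0], args[1], pass);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the server name against its certificate
            s.setSSLParameters(p);
            s.startHandshake();
            SSLSession sess = s.getSession();
            System.out.println(sess.getProtocol() + ", client certificate sent: " + (sess.getLocalCertificates() != null));
            s.setSoTimeout(2000);
            try { // TLS 1.3 reports a rejected client certificate only on the first read
                System.out.println("server closed connection, read=" + s.getInputStream().read());
            } catch (SocketTimeoutException e) {
                System.out.println("server is waiting for a request: TLS session accepted");
            }
        }
    }
}
```

The same SSLContext can be handed to a single client connection instead of setting JVM-wide javax.net.ssl.* properties, which keeps the client key out of the JRE security directory and away from the default 'changeit' password.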
