I am trying to establish an SSL connection between JDBC and AWS RDS. Here I created a keystore using following commands:
# convert certificate into java understandable format
openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
# importing the certificate to keystore
sudo keytool -keystore keystore -alias rds_postgresql -import -file rds-combined-ca-bundle.der
And then set the value of keystore and keystore password directly into the application
System.setProperty("javax.net.ssl.keyStore", "/path/of/the/keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "******");
But, after adding all these settings, I am getting following error
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_131]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_131]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_131]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_131]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_131]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_131]
What is wrong here?
I followed this tutorial to setup SSL:
解决方案
Since rds-combined-ca-bundle.pem contains a bunch of certificates, if we split them and create .pem files for all certificates and import them to keystore separately, it will work.
The problem is caused because of importing the entire rds certificate bundle to keystore.
426
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
