Amazon web services 当使用MySQL RDS作为后台时,如何解决WSO2IS-5.7上的未知_ca错误?
我尝试在AWS上使用AWS RDS作为安装实例 通过mysql-connector-java-5.1.45-bin.jar访问我的数据源 使用JDBCURL jdbc:mysql://Amazon web services 当使用MySQL RDS作为后台时,如何解决WSO2IS-5.7上的未知_ca错误?,amazon-web-services,wso2,amazon-rds,wso2is,Amazon Web Services,Wso2,Amazon Rds,Wso2is,我尝试在AWS上使用AWS RDS作为安装实例 通过mysql-connector-java-5.1.45-bin.jar访问我的数据源 使用JDBCURL jdbc:mysql://.rds.amazonaws.com:3306/carbon\u db 我有个例外 com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failurecom.mysql.jdbc.exceptions.jdbc4.
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failurecom.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 7 milliseconds ago. The last packet sent successfully to the server was 7 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
.
.
.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
我试着跑
keytool -importcert -keystore <keystore> -storepass <pass> -noprompt -file rds-combined-ca-bundle.pem
keytool-importcert-keystore-storepass-noprompt-file rds-combined-ca-bundle.pem
在JVM中的cacerts.jks和WSO2存储库中的client-trustore.jks上,此操作无效这是因为来自数据库连接的公共证书不受WSO2 Identity Server的信任 由于您已尝试添加证书,请验证此证书是否已正确添加
/repository/resources/security
文件夹。将公共证书导入client-truststore.jks文件。使用下面的命令keytool-importcert-file certificate.cer-keystore-client-truststore.jks-别名“alias”
重新启动wso2 IS实例,并检查问题是否仍然存在。这是因为来自数据库连接的公共证书不受wso2 Identity Server信任 由于您已尝试添加证书,请验证此证书是否已正确添加
/repository/resources/security
文件夹。将公共证书导入client-truststore.jks文件。使用下面的命令keytool-importcert-file certificate.cer-keystore-client-truststore.jks-别名“alias”
重新启动wso2 IS实例,检查问题是否仍然存在。根据中的MySQL连接器文档,JDBC URL中应包含以下JDBC URL参数,以启用MySQL服务器和wso2服务器之间的SSL通信
useSSL=true
requireSSL=true
clientCertificateKeyStoreUrl
clientCertificateKeyStorePassword
我使用下面的JDBCURL成功地创建了MySQL服务器和wso2服务器之间的安全连接
jdbc:mysql://<HOST_NAME>:<PORT>/apimgtdb?useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:<WSO2_HOME>/repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=wso2carbon
jdbc:mysql://:/apimgtdb?usesl=true&;requireSSL=真实&;clientCertificateKeyStoreUrl=file:/repository/resources/security/client-truststore.jks&;clientCertificateKeyStorePassword=wso2carbon
根据中的MySQL连接器文档,以下JDBC URL参数应包含在JDBC URL中,以启用MySQL服务器和wso2服务器之间的SSL通信
useSSL=true
requireSSL=true
clientCertificateKeyStoreUrl
clientCertificateKeyStorePassword
我使用下面的JDBCURL成功地创建了MySQL服务器和wso2服务器之间的安全连接
jdbc:mysql://<HOST_NAME>:<PORT>/apimgtdb?useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:<WSO2_HOME>/repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=wso2carbon
jdbc:mysql://:/apimgtdb?usesl=true&;requireSSL=真实&;clientCertificateKeyStoreUrl=file:/repository/resources/security/client-truststore.jks&;clientCertificateKeyStorePassword=wso2carbon