Java: Can't connect to MongoDB using SSL from a server application


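I'm having a problem connecting to MongoDB with SSL. First, I can connect to MongoDB from a Java application without any problem, but when I connect from a server application such as Jetty with Spring Boot, I can't connect to MongoDB. Strangely, I can connect to MongoDB through Eclipse.

Java code to connect: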

String trustStorePath = "/path/ssl_keystore_mongodb";
String trustStorePassword = "somePassword";
String uri = "mongodb://admin:password@domain1:31251,domain2:31251/my-db?authSource=admin&ssl=true";
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
MongoClient mongoClient = new MongoClient(new MongoClientURI(uri));

Without the server application the code works fine, but with the server application the output is:

com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 169.47.75.121 found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 169.47.75.121 found}}, {address=sl-us-south-1-portal.14.dblayer.com:31251, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xx.xx.xxx found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xx.xx.xxx found}}]
My SSL certificate:

Owner: CN=kbengtsson@efact.pe-4178203cf8de512257f4efeebac75b34
Issuer: CN=kbengtsson@efact.pe-4178203cf8de512257f4efeebac75b34
Serial number: 5a4d0994
Valid from: Wed Jan 03 11:49:24 PET 2018 until: Sun Jan 03 11:00:00 PET 2038
Certificate fingerprints:
     MD5:  94:EC:B1:49:BB:56:B9:4B:E3:FC:D3:FE:74:C8:FA:D8
     SHA1: EA:95:CC:45:43:E4:DA:12:EA:6C:D6:3F:8D:D3:0A:E6:C5:62:B3:96
     SHA256: 9F:A9:AA:84:83:33:BB:B7:39:50:3A:8B:11:3D:B6:07:CD:7E:6D:C3:29:F8:9C:21:4C:B5:47:65:86:19:E7:73
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 71 23 3E FF 31 E2 D1   C0 D0 23 F6 4A 1F 0E 55  aq#>.1....#.J..U
0010: B3 28 1D 69                                        .(.i
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 71 23 3E FF 31 E2 D1   C0 D0 23 F6 4A 1F 0E 55  aq#>.1....#.J..U
0010: B3 28 1D 69                                        .(.i
]
]

The certificate is provided by IBM.
How can I solve this problem?

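This exception means that you are expecting a certificate whose CN (or SAN) contains the IP instead of the FQDN. Because, for whatever reason, you are requesting instead of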


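How to solve it? Let DNS do its job. Check all your configuration files and code, and if they contain this IP, remove it. Also check the hosts file on each machine and add a reference if necessary. If you still cannot find why this happens, another approach is to disable certificate validation, as described in the documentation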

Thanks, I was able to solve my problem by adding: MongoClient mongoClient = new MongoClient(new MongoClientURI(uri, MongoClientOptions.builder().sslEnabled(true).sslInvalidHostNameAllowed(true))); Where is the bounty?
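
The workaround in the last comment turns off hostname verification. As an added example that is not part of the original thread, the Java program below lists the names the server certificate actually carries and then connects with verification left on. It assumes mongo-java-driver 3.5 or later (for `sslContext`), reuses the question's placeholder path, password and hosts, and its class and method names are hypothetical.

```java
// Added example, not from the original thread. Assumes mongo-java-driver 3.5+
// on the classpath; path, password, hosts and URI are the question's placeholders.
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoClientURI;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.bson.Document;

public class MongoTlsCheck {
    // Build an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextFrom(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Print the names in the server's leaf certificate (SAN type 2 = dNSName, 7 = iPAddress).
    static void printServerNames(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake(); // chain is validated against the truststore; names are not checked here
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Subject: " + leaf.getSubjectX500Principal());
            System.out.println("SANs:    " + leaf.getSubjectAlternativeNames()); // null if no SAN extension
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFrom("/path/ssl_keystore_mongodb", "somePassword".toCharArray());
        printServerNames(ctx, "domain1", 31251);
        String uri = "mongodb://admin:password@domain1:31251,domain2:31251/my-db?authSource=admin&ssl=true";
        // No sslInvalidHostNameAllowed(true): every host in the URI must match a name printed above.
        MongoClientOptions.Builder opts = MongoClientOptions.builder().sslEnabled(true).sslContext(ctx);
        MongoClient client = new MongoClient(new MongoClientURI(uri, opts));
        System.out.println(client.getDatabase("my-db").runCommand(new Document("ping", 1)).toJson());
        client.close();
    }
}
```

If the printed SAN list has no entry matching the host used in the URI, the connection fails with the same `CertificateException` as in the question, which points at the name to use or the certificate to reissue.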