Java MySQL JDBC SSL connection refuses to validate the certificate

Tags: java, mysql, amazon-web-services, jdbc, ssl-certificate

I'm trying to connect to a MySQL database over SSL from Java. I have a certificate file named rds-combined-ca-bundle.pem (downloaded from [link]) for the remote server hosting the MySQL database.

If I run the following (on Red Hat Enterprise Linux Server release 5.7 (Tikanga)):

then it works:

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1076
Server version: 5.6.27-log MySQL Community Server (GPL)

However, when I try to do this in Java with the MySQL driver (mysql-connector-java-5.1.38-bin.jar), it does not work, and I'm not sure why. I followed the steps given at [link].

First I created my trust store and key store:

keytool -import -alias fnblCert -file rds-combined-ca-bundle.pem -keystore fdcertstore

Then I generated my client key:

keytool -genkey -keyalg rsa -alias fnblclient -keystore fdkeystore

My Java code (at least the part that handles the DB connection) handles it like this:

import java.sql.Connection;
import java.sql.DriverManager;

// JVM-wide trust store (server CA) and key store (client key)
System.setProperty("javax.net.ssl.trustStore", "/srv/dw/apps/FileDownloader/config/fdcertstore");
System.setProperty("javax.net.ssl.trustStorePassword", "the_password");
System.setProperty("javax.net.ssl.keyStore", "/srv/dw/apps/FileDownloader/config/fdkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "the_password");
System.setProperty("javax.net.debug", "all");

String url = "jdbc:mysql://some.server.com/db_name?"
            + "user=a_user&password=the_password"
            + "&useSSL=true";

Connection conn = DriverManager.getConnection(url);

Java version:

java version "1.7.0_85"
OpenJDK Runtime Environment (rhel-2.6.1.3.el5_11-x86_64 u85-b01)
OpenJDK 64-Bit Server VM (build 24.85-b03, mixed mode)

So when the code above runs, I get a series of nasty exceptions (not going to paste the whole stack trace):

An exception has occured while connecting to the remote machine: Communications link failure
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The exception message itself isn't very explanatory. I initially thought it couldn't find the trust store or validate it, but then I looked at the handshake debug output and noticed that it found the client key:

<snip>
found key for : fnblclient
<snip>
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key:  Sun RSA public key, 2048 bits
<snip>

trustStore is: /srv/dw/apps/FileDownloader/config/fdcertstore
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=aws.amazon.com/rds/, OU=RDS, O=Amazon.com, L=Seattle, ST=Washington, C=US
  Issuer:  CN=aws.amazon.com/rds/, OU=RDS, O=Amazon.com, L=Seattle, ST=Washington, C=US
  Algorithm: RSA; Serial number: 0xe775b657e21a8128
  Valid from Tue Apr 06 01:44:31 EEST 2010 until Sun Apr 05 01:44:31 EEST 2015
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
Thread-12, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
Thread-12, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                          
Thread-12, called closeSocket()
Thread-12, handling exception: javax.net.ssl.SSLHandshakeException:     sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Apparently this means it doesn't like the certificate I gave it. At this point I'm out of ideas. I think the mysql command's checking is less strict than Java's. If I specify the &verifyServerCertificate=false property the code works, but I shouldn't have to, because the --ssl-ca parameter does perform server certificate authentication (as described in the MySQL 5.5 reference manual), and it works.

I'd be grateful if someone could at least point me in the right direction.

PS: the server isn't mine, so I can't mess with its settings; I only have user access.

PPS: I also can't touch the default cacerts file, because the sysadmin hasn't given me the privileges.

Comments:

Maybe this question can help you: [link]

Thanks. That question is similar, but not the same. Judging from the handshake debug output there is nothing wrong with my trust store file, but for some reason I'm rejecting the server's certificate, while the mysql command has no problem with it. Hence my confusion.

The error "PKIX path building failed" usually means that one or more certificates from the certificate chain are missing from the trust store.

@MarkRotteveel That might be it, but which extra certificates would I need to put in there? As you can see, I use only one certificate with the mysql command and it works fine. Then I put the same certificate in the trust store and it doesn't work. Is there an extra step I'm missing?

Possibly unrelated, but I've fixed this error more than once by upgrading the JVM's JCE policy files. Have you tried that?
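The handshake debug output above shows that fdcertstore holds exactly one trusted certificate (a single "adding as trusted cert" entry), and that its validity ended on 5 April 2015. keytool -import reads only the first certificate from a PEM file, so when the file is a multi-certificate bundle, every certificate after the first is silently left out of the store. The shell script below is an added example, not code from the original post or from any of the commenters: it splits a PEM bundle into one file per certificate, imports each under its own alias, and then lists what the trust store actually contains so the subject and expiry of every entry can be checked before the JDBC connection is attempted. The store name and password follow the post; the bundle path argument, the alias prefix and the constructed demo bundle are assumptions. Note that verifyServerCertificate=false is not a fix: it turns server certificate validation off entirely, so any host that speaks TLS on that port is accepted.

```shell
#!/bin/sh
# Added example (not from the original post): import EVERY certificate in a
# PEM bundle into a JKS trust store. A plain `keytool -import` on a multi-cert
# PEM file takes only the first certificate.
set -eu

# Split a PEM bundle into one file per certificate, written to $2 as
# cert-0001.pem, cert-0002.pem, ... Prints the number of certificates found.
# Text between certificates (comments, blank lines) is dropped.
split_pem_bundle() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%04d.pem", dir, n); inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/   { inside = 0; close(f) }
        END { print n + 0 }
    ' "$bundle"
}

# Import every certificate of a bundle into a JKS store under its own alias
# (keytool refuses a second import under an alias that already exists), then
# print alias, subject and validity of each entry in the store.
import_bundle() {
    bundle="$1"; store="$2"; storepass="$3"
    workdir=$(mktemp -d)
    count=$(split_pem_bundle "$bundle" "$workdir")
    [ "$count" -gt 0 ] || { echo "no certificates found in $bundle" >&2; return 1; }
    i=0
    for f in "$workdir"/cert-*.pem; do
        i=$((i + 1))
        keytool -importcert -noprompt -alias "rds-ca-$i" -file "$f" \
            -keystore "$store" -storepass "$storepass"
    done
    rm -rf "$workdir"
    echo "imported $count certificate(s) into $store; contents:"
    # An expired CA shows up here as a "Valid from ... until ..." line in the past.
    keytool -list -v -keystore "$store" -storepass "$storepass" \
        | grep -E '^(Alias name|Owner|Valid from)'
}

# Self-check of the splitter on a constructed three-certificate bundle. The
# certificate bodies are placeholders, not real certificates; only the PEM
# framing matters to the splitter. Prints the certificate count (3).
demo_split() {
    tmp=$(mktemp -d)
    cat > "$tmp/bundle.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIBconstructedROOT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBconstructedINTERMEDIATE
-----END CERTIFICATE-----
# a comment line between certificates must not end up in any output file
-----BEGIN CERTIFICATE-----
MIIBconstructedLEAF
-----END CERTIFICATE-----
EOF
    count=$(split_pem_bundle "$tmp/bundle.pem" "$tmp/certs")
    # every piece must be exactly one PEM block: first and last line are the markers
    for f in "$tmp"/certs/cert-*.pem; do
        head -n 1 "$f" | grep -q 'BEGIN CERTIFICATE' || return 1
        tail -n 1 "$f" | grep -q 'END CERTIFICATE' || return 1
        ! grep -q '^#' "$f" || return 1
    done
    rm -rf "$tmp"
    echo "$count"
}

# Sanity-check the splitter, then do the real import when a bundle, store and
# password are given: sh import-bundle.sh rds-combined-ca-bundle.pem fdcertstore the_password
demo_split >/dev/null
if [ $# -eq 3 ]; then
    import_bundle "$1" "$2" "$3"
fi
```

After the import, the "Valid from" lines tell you immediately whether the trust store contains a current CA; the Java side (javax.net.ssl.trustStore pointing at fdcertstore) is unchanged.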