Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/angularjs/23.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
使用Java与MySQL服务器的SSL连接_Java_Mysql_Ssl_Jdbc_Truststore - Fatal编程技术网
Fatal编程技术网
  • java/
  • 使用Java与MySQL服务器的SSL连接

使用Java与MySQL服务器的SSL连接

java mysql ssl jdbc

使用Java与MySQL服务器的SSL连接,java,mysql,ssl,jdbc,truststore,Java,Mysql,Ssl,Jdbc,Truststore,我正在尝试使用Java over SSL连接到MySQL服务器。我得到以下例外情况: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot connect to MySQL server on www.mysite.com:3306. Make sure that there is a MySQL server running on the machine/port you are trying

我正在尝试使用Java over SSL连接到MySQL服务器。我得到以下例外情况:

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot connect to MySQL server on www.mysite.com:3306.

Make sure that there is a MySQL server running on the machine/port you are trying to connect to and that the machine this software is running on is able to connect to this host/port (i.e. not firewalled). Also make sure that the server has not been started with the --skip-networking flag.

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
at com.mysql.jdbc.Util.getInstance(Util.java:382)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1013)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:987)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:982)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:927)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:827)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:378)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:305)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Caused by: java.lang.UnsupportedOperationException: The method shutdownInput() is not supported in SSLSocket
at sun.security.ssl.BaseSSLSocketImpl.shutdownInput(Unknown Source)
at com.mysql.jdbc.MysqlIO.forceClose(MysqlIO.java:506)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2404)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2163)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:794)
... 25 more
细节 密钥库和信任库创建 我生成了密钥库和信任库,如下所示:

openssl pkcs12 -export -inkey client-key.pem -in client-cert.pem > keystore.p12
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS

openssl x509 -outform der -in ca.pem -out ca.der
keytool -import -file ca.der -alias myCA -keystore truststore.jks
原始证书 这是我的证书列表:

  • 加州佩姆
  • client-key.pem
  • client-cert.pem
  • server-key.pem
  • server-cert.pem
无SSL连接 以下代码运行良好,只是为了演示我可以用Java连接到MySQL服务器:

properties = new Properties();
properties.put("user", "myuser");
properties.put("password", "mypassword");
connection = DriverManager.getConnection("jdbc:mysql://www.mysite.com:3306/mydatabase", properties);
在命令行上使用MySQL时,通过SSL的连接起作用 我使用以下命令启动MySQL服务器:

mysqld --ssl-ca=ca.pem --ssl-cert=server-cert.pem --ssl-key=server-key.pem
然后,我使用MySQL命令连接到它:

mysql --host=www.mysite.com --user=myuser --password=mypassword --database=mydatabase --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
这是可行的,在查询
显示状态(如“Ssl\u cipher”
后,我得到了正确的结果:

+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
如果您遇到此问题,至少要确保您的CA证书已导入JRE的密钥库

keytool-import-noprompt-trustcacerts-alias-file ca.pem-keystore

(您可能必须将“ca.pem”文件的名称更改为您自己的ca证书文件名)

记住,要保持产品的独特性。 另外,更改,使其与JVM的路径匹配。请注意,这很可能是最高版本的JRE,但也可能是SDK的JRE或安装的其他JRE(如“C:\Program Files\Java\jre1.8.0\u 25\lib\security\cacerts”)

您需要输入JVM信任库的密码:此密码始终为“changeit”

我不能保证这会解决问题,但这是我在进行这项工作时迈出的重要一步,我最终成功了。

你检查过ssl连接了吗?@Paizo这是我走到这一步的页面,是的。旁白:我已经完全推翻了这段代码,并且改变了很多,很难提供好的反馈,但是我的代码现在可以工作了。我将在下面添加一条评论,详细说明潜在读者应该检查的一个重要功能。您列出的这些证书的来源是什么?@Adam我使用OpenSSL生成它们。甚至是ca.pem?我想补充一点:将证书安装到每个JRE的信任库中可能是有意义的。还要确保信任库保持最新,例如升级到新的JRE时。您还提到了JVM信任库的默认密码。但这可以由任何具有propper权限的用户更改。 
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+