Java HashiCorp保险库+；弹簧靴。客户端SSL配置_Java_Spring Boot_Ssl_Ssl Certificate_Hashicorp Vault

Java HashiCorp保险库+；弹簧靴。客户端SSL配置

java spring-boot ssl

Java HashiCorp保险库+；弹簧靴。客户端SSL配置,java,spring-boot,ssl,ssl-certificate,hashicorp-vault,Java,Spring Boot,Ssl,Ssl Certificate,Hashicorp Vault,我正在尝试从Spring Boot应用程序连接到Vault服务器。因此，我通过这本指南：以及获取SSLHandshakeException： WARN o.s.v.a.LifecycleAwareSessionManager - Cannot enhance VaultToken to a LoginToken: Token self- lookup failed; nested exception is org.springframework.web.client.ResourceAc

我正在尝试从Spring Boot应用程序连接到Vault服务器。因此，我通过这本指南：以及获取SSLHandshakeException：

WARN  o.s.v.a.LifecycleAwareSessionManager - Cannot enhance VaultToken to a LoginToken: Token self- 
lookup failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error 
on GET request for 

"https://*my vault server*/auth/token/lookup- 
self": sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path 
to requested target; nested exception is javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path 
to requested target
16:49:40.487 [http-nio-8084-exec-1] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for 
servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; 
nested exception is org.springframework.web.client.ResourceAccessException: I/O error on GET request 
for "https://*my vault server*/": 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path 
to requested target; nested exception is javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path 
to requested target] with root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path 
to requested target

因此，我将keystore.jks放在resources文件夹中，并将以下配置粘贴到application.yml：

spring.cloud.vault:
ssl:
    trust-store: classpath:keystore.jks
    trust-store-password: changeit

但仍然会出错。我做错了什么？

是否有任何方法可以像我在Postman中那样将ssl验证设置为false？

您需要在java中导入keyvault服务器证书

cacerts

使用

keytool

命令进行导入。@PandeyAmit您的意思是-import-trustcacerts-alias root-file my-root.cer-keystore keystore.jks吗？已经这样做了。最好在

JAVA_HOME\lib\security\cacerts

中导入，或者您可以使用这种方式

JAVA-jar-Djavax.net.ssl.trustStore=/path/to/keystore.jks-Djavax.net.ssl.trustStorePassword=password您的app.jar

@PandeyAmit是的！它确实奏效了。非常感谢！有人知道如何禁用vault上的ssl吗？