Pet*_*zov 10 java mysql mariadb wildfly wildfly-13
我想配置Wildfly 14以使用加密的JDBC连接.我试过这个:
MariaDB的:
mysql -u root -p
CREATE USER 'wildfly' IDENTIFIED BY 'qwerty';
CREATE DATABASE production_gateway;
GRANT ALL PRIVILEGES ON production_gateway.* TO 'wildfly'@'%' REQUIRE SSL;
FLUSH PRIVILEGES;
创建证书:
mkdir -p /etc/mysql/ssl
cd /etc/mysql/ssl
sudo openssl genrsa 4096 > ca-key.pem
sudo openssl req -new -x509 -nodes -days 36500 -key ca-key.pem -out cacert.pem
sudo openssl req -newkey rsa:4096 -days 36500 -nodes -keyout server-key.pem -out server-req.pem
sudo openssl rsa -in server-key.pem -out server-key.pem
sudo openssl x509 -req -in server-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
sudo openssl req -newkey rsa:2048 -days 36500 -nodes -keyout client-key.pem -out client-req.pem
sudo openssl rsa -in client-key.pem -out client-key.pem
sudo openssl x509 -req -in client-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile cacert.pem server-cert.pem client-cert.pem
在my.cnf下的MariDB中添加证书
ssl-ca=/etc/mysql/ssl/cacert.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
systemctl重启mysql
在Java keystone中导入证书:
cd /usr/lib/jvm/java-11-openjdk-amd64/lib/security/
openssl x509 -outform der -in /etc/mysql/ssl/client-cert.pem -out certificate.der
keytool -import -alias client -keystore /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -file certificate.der -srcstorepass changeit
导出keystone配置:
export JAVA_OPTS="-Djavax.net.ssl.keyStore=/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -Djavax.net.ssl.keyStorePassword=changeit"
当我使用此连接链接时:
jdbc:mariadb://localhost:3306/production_gateway - 它正在工作
但是当我使用时: jdbc:mariadb://localhost:3306/production_gateway?useSSL=true&requireSSL=true
我明白了:
17:40:30,454 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (External Management Request Threads -- 1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
17:40:30,472 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 1) WFLYCTL0013: Operation ("test-connection-in-pool") failed - address: ([
("subsystem" => "datasources"),
("data-source" => "MariaDB")
]) - failure description: "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid"
你能建议我如何解决这个问题吗?我使用JDBC驱动程序mariadb-java-client-2.3.0.jar
据我所知,您只需要提供requireSSL字段即可true。
尝试使用以下行:
jdbc:mariadb://localhost:3306/production_gateway?requireSSL=true
让我们知道它是否有效。
如需更多说明,您可以查看此答案。
| 归档时间: |
|
| 查看次数: |
656 次 |
| 最近记录: |