我试图使用以下设置来创建到MYSQL服务器的ssl连接.我注意到,当我在jdbc url中指定verifyServerCertificate = false时,Java似乎忽略了我通过System.setProperty指定的密钥库和信任库信息.所以我可以注释掉1)中指定的代码,并且仍然可以成功创建ssl连接.当我指定verifyServerCertificate = true时,它似乎使用1)设置的值.所以我的问题是JDBC如何在verifyServerCertificate = false时创建ssl连接,而不使用客户端密钥库和信任库?谢谢.
Java代码
1)
System.setProperty("javax.net.ssl.keyStore",(String) keyStorePath);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStore",(String) trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",(String) trustStorePassword));
2)
String jdbcURL = "jdbc:mysql://192.11.11.111/database?verifyServerCertificate=false&useSSL=true&requireSSL=true";
3)
Connection con = DriverManager.getConnection(jdbcURL, dbuser, dbpassword);
MYSQL服务器
拨款声明:
4)
'GRANT ALL PRIVILEGES ON *.* TO 'dbuser'@'%' IDENTIFIED BY PASSWORD \'*2343ASDFWETDFGDSFGSDFGSDSDFWERASF\' REQUIRE SSL WITH GRANT OPTION'
编辑my.cnf文件
5)
[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
附加信息
6)我正在使用我创建的证书颁发机构.
7)对查询的响应
show variables like '%ssl%';
have_openssl YES
have_ssl YES
ssl_ca /etc/mysql/certs/ca.pem
ssl_capath
ssl_cert /etc/mysql/certs/server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key /etc/mysql/certs/server-key.pem