MySQL RDS and JDBC SSL connectivity giving error: unable to find valid certification path to requested target

Problem description

I am trying to establish an SSL connection between JDBC and AWS RDS. Here I created a keystore using the following commands:

# convert certificate into java understandable format
openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
# importing the certificate to keystore
sudo keytool -keystore keystore -alias rds_postgresql -import -file rds-combined-ca-bundle.der

And then set the value of the keystore and keystore password directly in the application:

System.setProperty("javax.net.ssl.keyStore", "/path/of/the/keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "******");

But after adding all these settings, I am getting the following error:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_131]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_131]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_131]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_131]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_131]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_131]

What is wrong here?

I followed this tutorial to set up SSL:

https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html

Recommended answer

Since rds-combined-ca-bundle.pem contains a bunch of certificates, if we split them and create .pem files for all certificates and import them to the keystore separately, it will work.

The problem is caused by importing the entire RDS certificate bundle into the keystore.
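
One way to do the split-and-import that the answer describes, as an added example that is not part of the original post. The function names, the `rds-ca-NNN.pem` file naming, the `./rds-ca-split` directory and the `TRUSTSTORE_PASS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split a PEM bundle and import each CA certificate separately.

# split_bundle <bundle.pem> <outdir>
# Writes outdir/rds-ca-NNN.pem (one certificate each) and prints how many were written.
split_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    rm -f "$outdir"/rds-ca-*.pem          # drop files left by an earlier run
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/rds-ca-%03d.pem", dir, n); inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$bundle"
}

# import_all <certdir> <truststore>
# Imports every split certificate under its own alias (the file name).
# The store password is read from the TRUSTSTORE_PASS environment variable
# (hypothetical name) so it does not appear in the process list.
import_all() {
    certdir=$1
    store=$2
    for pem in "$certdir"/rds-ca-*.pem; do
        [ -e "$pem" ] || { echo "no certificates found in $certdir" >&2; return 1; }
        name=$(basename "$pem" .pem)
        keytool -importcert -noprompt -trustcacerts \
            -keystore "$store" -storepass:env TRUSTSTORE_PASS \
            -alias "$name" -file "$pem" || return 1
    done
    # Every alias listed here should be a trustedCertEntry.
    keytool -list -keystore "$store" -storepass:env TRUSTSTORE_PASS
}

# Run only when called as: script.sh <bundle.pem> <truststore>
if [ "$#" -eq 2 ]; then
    split_bundle "$1" ./rds-ca-split >/dev/null && import_all ./rds-ca-split "$2"
fi
```

For server certificate validation the JVM reads CA certificates from the store named by `javax.net.ssl.trustStore` (with `javax.net.ssl.trustStorePassword`), so those properties should point at the resulting file.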
