如何使用 Postgres 数据库 url 字符串传递证书路径以进行 SSL 连接 [英] How to pass certificate path with Postgres database url string for SSL connection

问题描述

我正在尝试通过 SSL 为我的 Spring 启动应用程序保护到 AWS RDS 实例的连接.我查看了几个博客和官方 documentation 并相应地修改了我的连接包含与 SSL 连接相关的某些参数的字符串.

I am trying to secure connection to AWS RDS instance over SSL for my Spring boot application. I have looked upon several blogs and official documentation and accordingly modified my connection string to contain certain parameter related to SSL connection.

我将我的证书放在资源的 cert 文件夹中.以下是我尝试通过证书路径的方式:

I have my certificate placed inside a cert folder in resources. Below is how I have tried to pass the certificate path:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslrootcert=/cert/rds-ca-cert_name.p12&password=my_passwrord

我也试过:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslrootcert=/src/main/resources/cert/rds-ca-cert_name.p12&password=mypassword

但是，当我尝试从 ECS 容器连接到 RDS 时，收到以下错误:

However, when I try to connect to the RDS from my ECS container, I receive the following error:

ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
org.postgresql.util.PSQLException: Could not open SSL root certificate file /cert/rds-ca-cert_name.p12.

at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:120)

at org.postgresql.core.SocketFactoryFactory.getSslSocketFactory(SocketFactoryFactory.java:61)

at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:33)

at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)

at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)

at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)

at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)

at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)

at org.postgresql.Driver.makeConnection(Driver.java:454)

有人可以建议这里的错误是什么.将存储在 classpath 中的证书传递给 jdbc 连接字符串的正确方法是什么.

Can someone suggest what is the error here. What is the correct way of passing the certificate stored in classpath to jdbc connection string.

推荐答案

我们需要使用 SingleCertValidatingFactory 类来指定类路径上的证书文件(或来自文件系统、环境变量等).此类具有参数 sslfactoryarg，我们可以在其中添加证书文件的路径.

We need to use SingleCertValidatingFactory class to specify certificate file on classpath (or from file system, environment variables etc). This class has argument sslfactoryarg where we can add path to certificate file.

您的网址应如下所示:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=classpath:cert/rds-ca-cert_name.p12

这篇关于如何使用 Postgres 数据库 url 字符串传递证书路径以进行 SSL 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！