Spring security, ssl ldap and no certificate


Problem description

I use spring security to manage login. I've configured spring security to connect to an ldap server which is secured with ssl (ldaps).

This server is a test server and has no valid certificate. When I try to test the login, spring security complains that the certificate cannot be verified (of course!):

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My question is simple: I don't want to manage any kind of certificate, I would like to deactivate the certificate check and keep using an ssl ldap. How can I do that?

Recommended answer

It sounds like the certificate of the LDAP server is just self-cert rather than invalid.

To me the simplest solution would be to get that certificate and add it to the cacerts trust store in java. Once that's done the code will run without any modifications.

Get the certificate from the server:

$ openssl s_client -showcerts -connect ldapserver:636

The output will contain many entries with

-----BEGIN CERTIFICATE-----
aklfhskfadljasdl1340234234ASDSDFSDFSDFSDFSD
....
-----END CERTIFICATE-----

Copy the last certificate entry into a file (ldapca.crt)

Then, add it to the java keystore in $JRE_HOME/lib/security

$ cd $JRE_HOME/lib/security
$ keytool -import -alias ldapca_self_sign -keystore cacerts -storepass changeit -file ldapca.crt

That means you'll trust the certificate on the LDAP server and are using SSL correctly in your test environment (rather than having some custom code to switch off part of SSL checking).

Once you've done that (once) your code should run without any modifications.
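As an added example that is not part of the original answer, the POSIX shell script below automates the steps above: it takes the `openssl s_client -showcerts` output, keeps only the last PEM certificate block, prints that certificate's subject, issuer and SHA-256 fingerprint, and imports it with `keytool`. The host name, port, trust-store path, alias and the embedded sample chain are constructed assumptions, not values from the page.

```shell
#!/bin/sh
# Added example (not from the original answer): trust a self-signed LDAPS
# certificate explicitly instead of disabling certificate checks.

# extract_last_cert: read `openssl s_client -showcerts` output on stdin and
# print only the last -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
# block (the one the answer says to copy into ldapca.crt).
extract_last_cert() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; inblock = 1 }
    inblock                       { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/   { inblock = 0; last = buf }
    END                           { printf "%s", last }
  '
}

# trust_ldap_cert HOST PORT TRUSTSTORE STOREPASS ALIAS
# Fetch the chain from the server, keep the last certificate, show what is
# about to be trusted, then import it into the given Java trust store.
# Using a copy of cacerts (and -Djavax.net.ssl.trustStore) keeps the JRE's
# own store untouched; the answer imports into cacerts directly.
trust_ldap_cert() {
  host=$1; port=$2; store=$3; pass=$4; alias=$5
  openssl s_client -showcerts -connect "$host:$port" </dev/null 2>/dev/null \
    | extract_last_cert > ldapca.crt
  [ -s ldapca.crt ] || { echo "no certificate received from $host:$port" >&2; return 1; }
  openssl x509 -in ldapca.crt -noout -subject -issuer -fingerprint -sha256
  keytool -importcert -noprompt -alias "$alias" -keystore "$store" \
    -storepass "$pass" -file ldapca.crt
}

# Constructed sample of s_client output (not a real chain): leaf first, CA last.
SAMPLE_CHAIN='Certificate chain
 0 s:/CN=ldapserver
   i:/CN=Test CA
-----BEGIN CERTIFICATE-----
LEAFCERTBASE64PLACEHOLDER
-----END CERTIFICATE-----
 1 s:/CN=Test CA
   i:/CN=Test CA
-----BEGIN CERTIFICATE-----
CACERTBASE64PLACEHOLDER
-----END CERTIFICATE-----'

# Demo on the sample: prints only the CA block. A real run would be
#   trust_ldap_cert ldapserver 636 ./test-cacerts changeit ldapca_self_sign
printf '%s\n' "$SAMPLE_CHAIN" | extract_last_cert
```

Compare the printed SHA-256 fingerprint with one obtained from the LDAP administrator before the import step so the test environment trusts exactly one known certificate.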
