Spring security, ssl ldap and no certificate


Problem description


I use spring security to manage login. I've configured spring security to connect to an LDAP server which is secured with SSL (ldaps).

This server is a test server and has no valid certificate. When I try to test the login, spring security complains that the certificate cannot be verified (of course!):

sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target

My question is simple: I don't want to manage any kind of certificate, I would like to deactivate the certificate check and keep using an SSL LDAP. How can I do that?

Solution

It sounds like the certificate of the LDAP server is just self-cert rather than invalid.

To me the simplest solution would be to get that certificate and add it to the cacerts trust store in java. Once that's done the code will run without any modifications.

To get the certificate from the server:

$ openssl s_client -showcerts -connect ldapserver:636

The output will contain a number of entries delimited with

-----BEGIN CERTIFICATE-----
aklfhskfadljasdl1340234234ASDSDFSDFSDFSDFSD
....
-----END CERTIFICATE-----

Copy the last certificate entry into a file (ldapca.crt)

Then, add it to the java keystore in $JRE_HOME/lib/security

$ cd $JRE_HOME/lib/security
$ keytool -import -alias ldapca_self_sign -keystore cacerts -storepass changeit -file ldapca.crt

That means, you'll trust the certificate on the LDAP server and are using SSL correctly in your test environment (rather than having some custom code to switch off part of SSL checking).

Once you've done that (once) your code should run without any modifications.
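
The copy step above can be scripted. The following is an added example, not part of the original answer: it takes the last entry of the "Certificate chain" section, because s_client prints the server's own certificate once more under "Server certificate" after the chain. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# chain_last_cert: read `openssl s_client -showcerts` output on stdin and
# print the last PEM block of the "Certificate chain" section only.
chain_last_cert() {
    awk '
        /^Server certificate/          { exit }   # chain is over; END still runs
        /-----BEGIN CERTIFICATE-----/  { buf = ""; inside = 1 }
        inside                         { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/    { inside = 0; last = buf }
        END                            { printf "%s", last }
    '
}

# Constructed sample of s_client output (placeholder base64, not real certificates).
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldapserver
   i:CN = Test LDAP CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Test LDAP CA
   i:CN = Test LDAP CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
subject=CN = ldapserver
EOF
}

# Demonstration on the constructed sample: prints the CA block (entry 1).
sample_output | chain_last_cert

# Against the test server (host and file names as in the answer):
#   openssl s_client -showcerts -connect ldapserver:636 </dev/null 2>/dev/null \
#       | chain_last_cert > ldapca.crt
#   openssl x509 -in ldapca.crt -noout -subject -issuer -fingerprint -sha256
#   keytool -import -alias ldapca_self_sign -keystore cacerts -storepass changeit -file ldapca.crt
```

The connection used to fetch the certificate is itself unauthenticated, so compare the SHA-256 fingerprint printed by `openssl x509` with one obtained from the LDAP server's administrator before running the `keytool` import.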
