Connecting a Spring Boot application with a MySQL server over SSL

Question


I need to connect my Spring Boot application with a remote MySQL server that is on SSL. I am using JPA in my app. I have read about SSL and the certificates required and that I would need MySQL Connector/J for establishing a connection. I was just wondering what kind of approach I should opt for, as I am a complete beginner and can't find an effective tutorial on the internet. Any explanation would be highly appreciated.

Answer 1

Score: 1


The reference is here: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-configuration-properties.html (scroll down a bit to the security part).

Basically you need a PKCS12 / JKS format of your app's certificate & server CA certificate. Then add it into the JDBC URL.

Example: In application.yml, assume we're using PKCS12 format, use SSL and verify server CA. Assume the client (app) certificate filename is client-cert.p12 and the CA certificate filename is server-ca.p12.

spring:
  datasource:
    # Folded scalar: every parameter except the last must end with '&'.
    url: >
      jdbc:mysql://{DATABASE_IP}/{DATABASE_NAME}?
      useSSL=true&
      requireSSL=true&
      clientCertificateKeyStoreUrl=file://{SOME_DIRECTORY}/client-cert.p12&
      clientCertificateKeyStoreType=PKCS12&
      clientCertificateKeyStorePassword={KEY_STORE_PASSWORD}&
      verifyServerCertificate=true&
      trustCertificateKeyStoreUrl=file://{SOME_DIRECTORY}/server-ca.p12&
      trustCertificateKeyStoreType=PKCS12&
      trustCertificateKeyStorePassword={KEY_STORE_PASSWORD}
    username: {USERNAME}
    password: {PASSWORD}

If using JKS, the file format usually is jks and the type is JKS. If you don't need to verify the CA, set verifyServerCertificate=false and you don't need the trustCertificateKeyStore stuff (last 3 lines).

Answer 2

Score: 0


If you have managed to get the client certificate (clientkeystore.jks in the expression below), you can supply the following as the URL and connect:

spring.datasource.url=jdbc:mysql://XXXX:3306/mydatabase?useUnicode=true&characterEncoding=UTF-8&characterSetResults=UTF-8&verifyServerCertificate=true&useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:/opt/clientkeystore.jks&clientCertificateKeyStorePassword=mypass&trustCertificateKeyStoreUrl=file:/opt/truststore.jks&trustCertificateKeyStorePassword=mypass
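
An added example, not part of either answer: a small Python check that audits a Connector/J JDBC URL for the TLS properties used in the answers above (TLS required, server certificate verified, trust store set, no literal keystore passwords, no dropped `&` between properties). The function names, the `DROPPED_AMP` URL and its host are constructed for illustration; a value starting with `${` is assumed to be a Spring placeholder resolved outside the file.

```python
import re

TLS_FLAGS = ("useSSL", "requireSSL", "verifyServerCertificate")

def parse_props(jdbc_url):
    """Split the query part of a Connector/J URL into a {property: value} dict."""
    props = {}
    for pair in jdbc_url.partition("?")[2].split("&"):
        key, _, value = pair.strip().partition("=")
        if key:
            props[key] = value.strip()
    return props

def audit(jdbc_url):
    """Return a list of findings for the TLS-related properties of the URL."""
    props = parse_props(jdbc_url)
    findings = []
    for key, value in props.items():
        # "pw verifyServerCertificate=true": a '&' was dropped, so the next
        # property became part of this value instead of a setting of its own.
        if re.search(r"\s\S+=", value):
            findings.append(f"{key}: missing '&', value swallows the next property")
        # Literal keystore passwords end up in config files and logs.
        if key.endswith("Password") and value and not value.startswith("${"):
            findings.append(f"{key}: literal password in URL")
    for flag in TLS_FLAGS:
        if props.get(flag, "").lower() != "true":
            findings.append(f"{flag} is not set to true")
    if "trustCertificateKeyStoreUrl" not in props:
        findings.append("no trustCertificateKeyStoreUrl set")
    return findings

# URL from Answer 2 (host elided as on the page).
ANSWER_2 = ("jdbc:mysql://XXXX:3306/mydatabase?useUnicode=true"
            "&characterEncoding=UTF-8&characterSetResults=UTF-8"
            "&verifyServerCertificate=true&useSSL=true&requireSSL=true"
            "&clientCertificateKeyStoreUrl=file:/opt/clientkeystore.jks"
            "&clientCertificateKeyStorePassword=mypass"
            "&trustCertificateKeyStoreUrl=file:/opt/truststore.jks"
            "&trustCertificateKeyStorePassword=mypass")

# Constructed sample: a multi-line URL after YAML folding, with one '&' dropped.
DROPPED_AMP = ("jdbc:mysql://db.example.internal/app? useSSL=true& requireSSL=true&"
               " clientCertificateKeyStorePassword=${KS_PASS} verifyServerCertificate=true&"
               " trustCertificateKeyStoreUrl=file:/etc/app/server-ca.p12&"
               " trustCertificateKeyStorePassword=${TS_PASS}")

if __name__ == "__main__":
    for name, url in (("answer 2", ANSWER_2), ("dropped '&'", DROPPED_AMP)):
        print(name, audit(url) or "no findings")
```

Running such a check in CI against the resolved `spring.datasource.url` catches a URL that still connects but no longer verifies the server certificate.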
