Connecting to Aerospike host via SSL using the JDBC driver defaults to 3000 port
Question
I am trying to connect to an Aerospike host which requires SSL. Connecting via the aql command works fine. However, connecting to the same using the JDBC driver fails.
Running the following command is able to successfully connect to Aerospike:
aql -h test-host.co.in:tls1:4333 --tls-enable --tls-cafile ~/certificates/aerospike-server-ca.pem
However, when I try to connect using a JDBC connection string using the Aerospike JDBC driver, it fails to connect.
This is the JDBC connection string I used:
jdbc:aerospike:ssl://test-host.co.in:4333?enableTLS=true&trustStorePath=~/certificates/aerospike-server-ca.pem
It gives an error that it failed to connect to ssl 3000. Is there something wrong in my JDBC string? I tried using this via DataGrip and DBeaver and faced the same error in both. Why is this even defaulting to port 3000 when port 4333 is explicitly specified?
Failed to connect to [1] host(s): ssl 3000
Answer 1
Score: 3
It looks like there might be a few things wrong with your configuration. Judging by your AQL line it looks like your certificate has a name of "tls1" so you need to pass this to the JDBC driver with &tlsName=tls1. The trustStorePath you have isn't valid, I believe the parameter you're looking for is tlsTruststorePath. You can see a full list of the valid values at AerospikeTLSPolicyConfig.
However, I also believe that the configuration expects a standard Java truststore and not a .pem certificate. You should be able to convert your PEM file to a truststore using
keytool -import -alias serverkey -file aerospike-server-ca.pem -keystore truststore
You will then need to pass the password of the truststore you created using &tlsTruststorePassword=<password> where <password> is the password you selected when creating the truststore above.
So I would look at using a JDBC connect string similar to:
jdbc:aerospike://test-host.co.in:4333?enableTLS=true&tlsTruststorePath=/home/myuser/certificates/truststore&tlsTruststorePassword=<password>&tlsName=tls1
You will need to change myuser to your user name. Or make sure you put in the correct path to the truststore you created. "~" is an abstraction provided by the shell and Java does not recognise it, so a fully qualified path to your truststore is your best bet.
Note: based on your AQL line, I'm assuming you are NOT doing mTLS and therefore do not need to provide client certs to the server.
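The points raised in the answer can be checked mechanically before pasting a connection string into DataGrip or DBeaver. The following is an added example, not part of the original answer or of the Aerospike JDBC driver: check_jdbc_url is a hypothetical helper, and it only knows the four parameter names and the URL prefix that appear in the answer, not the driver's full list.

```python
from pathlib import PurePosixPath
from urllib.parse import parse_qsl, urlsplit

# Names taken from the answer above; the driver's full list lives in
# AerospikeTLSPolicyConfig and is not reproduced here.
TLS_PARAMS = ("enableTLS", "tlsName", "tlsTruststorePath", "tlsTruststorePassword")
PREFIX = "jdbc:aerospike://"  # form used in the answer's suggested string


def check_jdbc_url(url):
    """Return a list of findings for the problems the answer points out."""
    findings = []
    if not url.startswith(PREFIX):
        findings.append("prefix differs from " + PREFIX)
        url = PREFIX + url.split("://", 1)[-1]  # normalise to keep checking
    parts = urlsplit(url[len("jdbc:"):])
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if parts.port is None:
        findings.append("no explicit port in the host part")
    if params.get("enableTLS") != "true":
        return findings + ["enableTLS=true is not set"]
    for key, value in params.items():
        if key not in TLS_PARAMS:
            findings.append(key + ": not a parameter named in the answer")
        if key.lower().endswith("path"):
            if value.startswith("~"):
                findings.append(key + ": '~' is shell syntax, Java will not expand it")
            elif not PurePosixPath(value).is_absolute():
                findings.append(key + ": use a fully qualified path")
            if value.lower().endswith(".pem"):
                findings.append(key + ": PEM file given where a Java truststore is expected")
    for required in TLS_PARAMS[1:]:
        if required not in params:
            findings.append(required + ": missing")
    return findings


# The two connection strings from this page.
QUESTION_URL = ("jdbc:aerospike:ssl://test-host.co.in:4333?enableTLS=true"
                "&trustStorePath=~/certificates/aerospike-server-ca.pem")
ANSWER_URL = ("jdbc:aerospike://test-host.co.in:4333?enableTLS=true"
              "&tlsTruststorePath=/home/myuser/certificates/truststore"
              "&tlsTruststorePassword=<password>&tlsName=tls1")

if __name__ == "__main__":
    for name, url in (("question", QUESTION_URL), ("answer", ANSWER_URL)):
        print(name, check_jdbc_url(url) or "no findings")
```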