I am trying to set up the latest version of MongoDB with SSL encryption. I can connect from the mongo shell, but I get an error when I connect from a Java client.
Works
mongo admin --host mongo1.xxxx.com --ssl --sslPEMKeyFile mongoClient.pem --sslCAFile mongoCA.crt
Does not work
    import com.mongodb.MongoClient;
    import com.mongodb.MongoClientOptions;

    // Class wrapper and imports added so the snippet compiles; the class name is a placeholder.
    public class MongoSslClient {
        public static void main(String[] args) {
            System.setProperty("javax.net.ssl.trustStore", "/home/gasparms/truststore.ts");
            System.setProperty("javax.net.ssl.trustStorePassword", "mypasswd");
            System.setProperty("javax.net.ssl.keyStore", "/home/gasparms/truststore.ts");
            System.setProperty("javax.net.ssl.keyStorePassword", "mypasswd");
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
            MongoClientOptions options = MongoClientOptions.builder().sslEnabled(true)
                    .build();
            MongoClient mongoClient = new MongoClient("mongo1.xxxx.com", options);
            System.out.println(mongoClient.getDatabaseNames());
        }
    }
I get this error on the Mongo side:
    2015-06-09T15:08:14.431Z I NETWORK [initandlisten] connection accepted from 192.168.33.1:38944 #585 (3 connections now open)
    2015-06-09T15:08:14.445Z E NETWORK [conn585] no SSL certificate provided by peer; connection rejected
    2015-06-09T15:08:14.445Z I NETWORK [conn585] end connection 192.168.33.1:38944 (2 connections now open)
    2015-06-09T15:08:14.828Z I NETWORK [conn580] end connection 192.168.33.13:39240 (1 connection now open)
And in the Java client program:
    INFO: Exception in monitor thread while connecting to server mongo1.xxxx.com:27017
    com.mongodb.MongoSocketReadException: Prematurely reached end of stream
        at com.mongodb.connection.SocketStream.read(SocketStream.java:88)
        at com.mongodb.connection.InternalStreamConnection.receiveResponseBuffers(InternalStreamConnection.java:491)
        at com.mongodb.connection.InternalStreamConnection.receiveMessage(InternalStreamConnection.java:221)
        at com.mongodb.connection.CommandHelper.receiveReply(CommandHelper.java:134)
        at com.mongodb.connection.CommandHelper.receiveCommandResult(CommandHelper.java:121)
        at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
        at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:83)
        at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:43)
        at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115)
        at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:127)
        at java.lang.Thread.run(Thread.java:745)
Certificate creation
I have mongoCA.crt and mongoClient.pem, which work with the mongo shell. Then I wanted to import the .pem and .crt into a Java keystore:
openssl x509 -outform der -in certificate.pem -out certificate.der
keytool -import -alias MongoDB-Client -file certificate.der -keystore truststore.ts -noprompt -storepass "mypasswd"
keytool -import -alias "MongoDB-CA" -file mongoCA.crt -keystore truststore.ts -noprompt -storepass "mypasswd"
What am I doing wrong?
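
A diagnostic for the keystore built in the post, added here as an example and not part of the original post: it lists every entry in a Java keystore and reports whether any of them is a key entry (private key plus certificate chain), the only kind of entry the JVM can present when a server requests a client certificate. The class name `KeystoreClientCertCheck` and its two command-line arguments are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name, not the poster's code): reports
// whether a keystore holds an entry usable as a TLS client certificate.
public class KeystoreClientCertCheck {

    // Counts entries that carry a private key together with a certificate chain.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for cert-only entries
            if (ks.isKeyEntry(alias) && chain != null && chain.length > 0) {
                keyEntries++;
                String subject = chain[0] instanceof X509Certificate
                        ? ((X509Certificate) chain[0]).getSubjectX500Principal().getName()
                        : chain[0].getType();
                System.out.println(alias + ": key entry, subject=" + subject);
            } else if (ks.isCertificateEntry(alias)) {
                // This is what "keytool -import" of a certificate file creates:
                // usable for trust decisions, never for client authentication.
                System.out.println(alias + ": trusted certificate entry (no private key)");
            } else {
                System.out.println(alias + ": other entry (no certificate chain)");
            }
        }
        return keyEntries;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreClientCertCheck <keystore> <storepass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        int n = countKeyEntries(ks);
        if (n == 0) {
            System.out.println("No key entry: this store cannot supply a client certificate.");
            System.exit(1);
        }
        System.out.println(n + " key entry/entries available for client authentication.");
    }
}
```

Run it against the file named in `javax.net.ssl.keyStore`; an exit status of 1 means the store contains only trusted certificates.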