英文:
Getting error after adding SSL configuration [Apache Ignite]
问题
以下是翻译好的部分:
在我的客户端/服务器节点中,我正在尝试添加SSL,但是在客户端端出现了"握手超时"错误,而在服务器端出现了"无法处理选择器键"和"由于未处理的异常而关闭NIO会话"的错误。我不知道我是否在正确操作...
我正在使用Java 11 + Ignite 2.7.6 + GridGain 8.7.6
用于创建密钥库的步骤:
keytool -genkey -alias server-alias -keyalg RSA -keypass password -storepass password -keystore serverkeystore.jks
keytool -genkey -alias client-alias -keyalg RSA -keypass password -storepass password -keystore clientkeystore.jks
将证书导出为单独的文件:
keytool -export -alias server-alias -storepass password -file server.cer -keystore serverkeystore.jks
keytool -export -alias client-alias -storepass password -file client.cer -keystore clientkeystore.jks
将证书添加到服务器信任库:
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore publicserverkeystore.jks -keypass password -storepass password
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore publicserverkeystore.jks -keypass password -storepass password
将证书添加到客户端信任库:
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore publicclientkeystore.jks -keypass password -storepass password
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore publicclientkeystore.jks -keypass password -storepass password
现在在Java客户端节点中:
ClientConnectorConfiguration cliConnCfg = new ClientConnectorConfiguration();
cliConnCfg.setJdbcEnabled(false);
cliConnCfg.setOdbcEnabled(false);
cliConnCfg.setThinClientEnabled(false);
cliConnCfg.setSslEnabled(true);
cliConnCfg.setSslClientAuth(true);
igniteConfiguration.setClientConnectorConfiguration(cliConnCfg);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\clientkeystore.jks");
sslContextFactory.setKeyStorePassword("password".toCharArray());
sslContextFactory.setTrustStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\publicclientkeystore.jks");
sslContextFactory.setTrustStorePassword("password".toCharArray());
igniteConfiguration.setSslContextFactory(sslContextFactory);
现在在Java服务器节点中:
ClientConnectorConfiguration cliConnCfg = new ClientConnectorConfiguration();
cliConnCfg.setJdbcEnabled(false);
cliConnCfg.setOdbcEnabled(false);
cliConnCfg.setThinClientEnabled(false);
cliConnCfg.setSslEnabled(true);
cliConnCfg.setSslClientAuth(true);
igniteConfiguration.setClientConnectorConfiguration(cliConnCfg);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\serverkeystore.jks");
sslContextFactory.setKeyStorePassword("password".toCharArray());
sslContextFactory.setTrustStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\publicserverkeystore.jks");
sslContextFactory.setTrustStorePassword("password".toCharArray());
igniteConfiguration.setSslContextFactory(sslContextFactory);
英文:
I'm trying to add SSL in my client / server nodes but i'm getting a "Handshake timed out" from the client side and a "Failed to process selector key" "Closing NIO session because of unhandled exception" from the server side. I don't know if I am doing things correctly...
I'm using java 11 + ignite 2.7.6 + gridgain 8.7.6
For the keystore creation:
keytool -genkey -alias server-alias -keyalg RSA -keypass password -storepass password -keystore serverkeystore.jks
keytool -genkey -alias client-alias -keyalg RSA -keypass password -storepass password -keystore clientkeystore.jks
Exporting the cer into its own file:
keytool -export -alias server-alias -storepass password -file server.cer -keystore serverkeystore.jks
keytool -export -alias client-alias -storepass password -file client.cer -keystore clientkeystore.jks
Add the certs to the server trust store
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore publicserverkeystore.jks -keypass password -storepass password
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore publicserverkeystore.jks -keypass password -storepass password
Add the certs to the client trust store
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore publicclientkeystore.jks -keypass password -storepass password
keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore publicclientkeystore.jks -keypass password -storepass password
Now in the java client node side:
ClientConnectorConfiguration cliConnCfg = new ClientConnectorConfiguration();
cliConnCfg.setJdbcEnabled(false);
cliConnCfg.setOdbcEnabled(false);
cliConnCfg.setThinClientEnabled(false);
cliConnCfg.setSslEnabled(true);
cliConnCfg.setSslClientAuth(true);
igniteConfiguration.setClientConnectorConfiguration(cliConnCfg);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\clientkeystore.jks");
sslContextFactory.setKeyStorePassword("password".toCharArray());
sslContextFactory.setTrustStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\publicclientkeystore.jks");
sslContextFactory.setTrustStorePassword("password".toCharArray());
igniteConfiguration.setSslContextFactory(sslContextFactory);
Now in the java server node side:
ClientConnectorConfiguration cliConnCfg = new ClientConnectorConfiguration();
cliConnCfg.setJdbcEnabled(false);
cliConnCfg.setOdbcEnabled(false);
cliConnCfg.setThinClientEnabled(false);
cliConnCfg.setSslEnabled(true);
cliConnCfg.setSslClientAuth(true);
igniteConfiguration.setClientConnectorConfiguration(cliConnCfg);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\serverkeystore.jks");
sslContextFactory.setKeyStorePassword("password".toCharArray());
sslContextFactory.setTrustStoreFilePath("C:\\Program Files\\Java\\jdk-11.0.2\\lib\\security\\publicserverkeystore.jks");
sslContextFactory.setTrustStorePassword("password".toCharArray());
igniteConfiguration.setSslContextFactory(sslContextFactory);
专注分享java语言的经验与见解,让所有开发者获益!
评论