Unable to connect to MongoDB with SSL from a server application

Time: 2018-01-04 23:26:01

Tags: java mongodb ssl spring-boot

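I'm having a problem connecting to MongoDB using SSL. First, I can connect to MongoDB from a plain Java application without any problem, but when I connect from a server application such as Jetty with Spring Boot, I cannot connect to MongoDB. The strange thing is that I can connect to MongoDB from Eclipse.

Java code to connect: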

import com.mongodb.MongoClient;
import com.mongodb.MongoClientURI;

String trustStorePath = "/path/ssl_keystore_mongodb";
String trustStorePassword = "somePassword";
String uri = "mongodb://admin:password@domain1:31251,domain2:31251/my-db?authSource=admin&ssl=true";
// Point the JVM's default trust store at the keystore that holds the MongoDB certificate
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
MongoClient mongoClient = new MongoClient(new MongoClientURI(uri));

The code works fine without a server application, but with a server application the output is:

com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 169.47.75.121 found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address 169.47.75.121 found}}, {address=sl-us-south-1-portal.14.dblayer.com:31251, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xx.xx.xxx found}, caused by {java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xx.xx.xxx found}}]

My certificate:

Owner: CN=kbengtsson@efact.pe-4178203cf8de512257f4efeebac75b34
Issuer: CN=kbengtsson@efact.pe-4178203cf8de512257f4efeebac75b34
Serial number: 5a4d0994
Valid from: Wed Jan 03 11:49:24 PET 2018 until: Sun Jan 03 11:00:00 PET 2038
Certificate fingerprints:
     MD5:  94:EC:B1:49:BB:56:B9:4B:E3:FC:D3:FE:74:C8:FA:D8
     SHA1: EA:95:CC:45:43:E4:DA:12:EA:6C:D6:3F:8D:D3:0A:E6:C5:62:B3:96
     SHA256: 9F:A9:AA:84:83:33:BB:B7:39:50:3A:8B:11:3D:B6:07:CD:7E:6D:C3:29:F8:9C:21:4C:B5:47:65:86:19:E7:73
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 71 23 3E FF 31 E2 D1   C0 D0 23 F6 4A 1F 0E 55  aq#>.1....#.J..U
0010: B3 28 1D 69                                        .(.i
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 71 23 3E FF 31 E2 D1   C0 D0 23 F6 4A 1F 0E 55  aq#>.1....#.J..U
0010: B3 28 1D 69                                        .(.i
]
]

The certificate is provided by IBM. How can I solve this problem?

1 Answer:

Answer 0: (score: 1)

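This exception means that you are expecting a certificate whose CN (or SAN) contains an IP instead of an FQDN. For whatever reason, you are requesting https://169.47.75.121 instead of https://sl-us-south-1-portal.14.dblayer.com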

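How to solve it? By letting DNS do its job. Check all configuration files and code, and if they contain this IP, remove it. Also check the hosts file on each machine and add a reference if needed. If you still cannot find out why this happens, another way is to disable certificate validation as described in the documentation, Host name verification.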
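The name check behind this exception, as an added example that is not part of the original answer or the JDK's own code: a simplified model of how the peer host string decides which certificate names are compared. The class and method names are hypothetical, and the SAN list is constructed sample data that assumes the server certificate names only its FQDN.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added illustration (hypothetical class): a simplified model of the name check
// the JDK runs during TLS endpoint identification. Not the JDK's own code.
public class SanMatchDemo {
    // GeneralName tags used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    // IPv4 literals only, for brevity; the JDK also recognises IPv6 literals.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // sans: same shape as getSubjectAlternativeNames(), entries of [type, value].
    // Returns "OK" or the reason the handshake would be rejected.
    static String check(String host, Collection<List<?>> sans) {
        boolean ip = isIpLiteral(host);
        int wanted = ip ? IP_ADDRESS : DNS_NAME;
        boolean sawWantedType = false;
        if (sans != null) {
            for (List<?> san : sans) {
                if ((Integer) san.get(0) != wanted) continue;
                sawWantedType = true;
                // Exact match only; wildcard dNSName handling is omitted here.
                if (host.equalsIgnoreCase((String) san.get(1))) return "OK";
            }
        }
        if (ip) {
            // An IP literal is only ever compared with iPAddress SAN entries.
            return sans == null
                ? "No subject alternative names present"
                : "No subject alternative names matching IP address " + host + " found";
        }
        return sawWantedType
            ? "No subject alternative DNS name matching " + host + " found."
            : "no dNSName SAN: the JDK falls back to the subject CN (not modelled)";
    }

    public static void main(String[] args) {
        // Constructed SAN list: assumes the server certificate names only its FQDN.
        Collection<List<?>> sans = Arrays.asList(
            Arrays.<Object>asList(DNS_NAME, "sl-us-south-1-portal.14.dblayer.com"));
        System.out.println(check("169.47.75.121", sans));                       // IP literal
        System.out.println(check("sl-us-south-1-portal.14.dblayer.com", sans)); // FQDN
    }
}
```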