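Option 1a
If you have only one certificate, you can use spring-boot-ssl-truststore-gen (https://github.com/orange-cloudfoundry/spring-boot-ssl-truststore-gen), which adds the certificate to the system truststore inside the buildpack:
First, you need to add this to your pom.xml (or the equivalent):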
<repositories>
    <repository>
        <id>jcenter</id>
        <url>http://jcenter.bintray.com</url>
        <snapshots>
            <enabled>true</enabled>
            <updatePolicy>never</updatePolicy>
            <checksumPolicy>warn</checksumPolicy>
        </snapshots>
        <releases>
            <enabled>true</enabled>
            <checksumPolicy>warn</checksumPolicy>
        </releases>
    </repository>
</repositories>
and
<dependency>
    <groupId>com.orange.clara.cloud.boot.ssl-truststore-gen</groupId>
    <artifactId>spring-boot-ssl-truststore-gen</artifactId>
    <version>2.0.21</version>
</dependency>
If you are creating a Cloud Foundry application, next declare the certificate in your manifest.yml:
env:
  TRUSTED_CA_CERTIFICATE: |-
    -----BEGIN CERTIFICATE-----
    changeme
    -----END CERTIFICATE-----
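When you cf push your application, the certificate will be added to the truststore.
If you are not creating a Cloud Foundry application, set the environment variable TRUSTED_CA_CERTIFICATE to the value of your certificate, e.g.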
$ export TRUSTED_CA_CERTIFICATE=<TRUSTED_CA_CERTIFICATE_VALUE>
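Option 1b
The spring-boot-ssl-truststore-gen library does not support (https://github.com/orange-cloudfoundry/spring-boot-ssl-truststore-gen/commit/3d6cf29ad8bad0cd5d2df86865b60dfc75d996d8) loading multiple certificates from the TRUSTED_CA_CERTIFICATE environment variable. If you have multiple certificates, you can try calling the ssl-truststore-gen API directly, e.g. from a static block in one of your classes: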
package helloworld;

import com.orange.clara.cloud.boot.ssl.CertificateFactory;
import com.orange.clara.cloud.boot.ssl.DefaultTrustStoreAppender;
import com.orange.clara.cloud.boot.ssl.TrustStoreInfo;

public class CertLoader {

    public static final String SSL_TRUST_STORE_SYSTEM_PROPERTY = "javax.net.ssl.trustStore";
    public static final String SSL_TRUST_STORE_PASSWORD_SYSTEM_PROPERTY = "javax.net.ssl.trustStorePassword";

    static {
        // Each certificate (PEM text) comes from its own environment variable.
        String[] certs = {
            System.getenv("CERTIFICATE_1"),
            System.getenv("CERTIFICATE_2")
        };
        for (String cert : certs) {
            DefaultTrustStoreAppender trustStoreAppender = new DefaultTrustStoreAppender();
            TrustStoreInfo trustStoreInfo = trustStoreAppender.append(CertificateFactory.newInstance(cert));
            // Point the JVM at the truststore file and password returned by the appender.
            System.setProperty(SSL_TRUST_STORE_SYSTEM_PROPERTY, trustStoreInfo.getTrustStorefFile().getAbsolutePath());
            System.setProperty(SSL_TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, trustStoreInfo.getPassword());
        }
    }
}
Then you need something like the following in your manifest.yml:
env:
  CERTIFICATE_1: |-
    -----BEGIN CERTIFICATE-----
    changeme
    -----END CERTIFICATE-----
  CERTIFICATE_2: |-
    -----BEGIN CERTIFICATE-----
    changeme
    -----END CERTIFICATE-----
Option 1c
Add the following to your pom.xml to load the SSL certificates automatically when the application starts (https://github.com/snowch/spring-boot-ssl-truststore-gen):
<repository>
    <id>jitpack.io</id>
    <url>https://jitpack.io</url>
</repository>
<dependency>
    <groupId>com.github.snowch</groupId>
    <artifactId>spring-boot-ssl-truststore-gen</artifactId>
    <version>master</version>
</dependency>
Or to your Gradle build:
allprojects {
    repositories {
        ...
        maven { url 'https://jitpack.io' }
    }
}
compile 'com.github.snowch:spring-boot-ssl-truststore-gen:master'
Option 2
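If you are creating a Cloud Foundry application and using the liberty buildpack, see this question and its accepted answer on adding SSL certificates: Add certificate to truststore to enable SSL communication https://stackoverflow.com/questions/32180717/add-certificate-to-truststore-to-enable-ssl-communication/44621986#44621986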
Option 3
If you have access to the socket, e.g. you are instantiating a MongoClient() yourself rather than letting a library such as Spring Cloud Connector handle this for you, you can try https://www.compose.com/articles/easier-java-connections-to-mongodb-at-compose-2/
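
For the multiple-certificate case in Option 1b, the following is an added example (not part of the original answer and not code from spring-boot-ssl-truststore-gen) that uses only JDK APIs to trust the JVM's default CAs plus every PEM certificate found in one environment variable. The class name EnvTrustStore and the variable name TRUSTED_CA_BUNDLE are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class EnvTrustStore {
    // Returns an SSLContext that trusts the JDK default CAs plus every certificate in pemBundle.
    public static SSLContext fromPemBundle(String pemBundle) throws Exception {
        if (pemBundle == null || pemBundle.trim().isEmpty()) {
            throw new IllegalArgumentException("no PEM data supplied");
        }
        // generateCertificates() reads all concatenated PEM blocks, not only the first one.
        Collection<? extends Certificate> extra = CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(pemBundle.getBytes(StandardCharsets.US_ASCII)));
        if (extra.isEmpty()) throw new IllegalArgumentException("no certificates parsed");
        // Copy the JVM's default trust anchors so connections to public CAs keep working.
        TrustManagerFactory defaults = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null);
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);
        int i = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    store.setCertificateEntry("default-" + i++, ca);
                }
            }
        }
        for (Certificate c : extra) {
            ((X509Certificate) c).checkValidity(); // reject expired or not-yet-valid certificates
            store.setCertificateEntry("env-" + i++, c);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        // TRUSTED_CA_BUNDLE (assumed name) holds one or more PEM certificates, one after another.
        SSLContext.setDefault(fromPemBundle(System.getenv("TRUSTED_CA_BUNDLE")));
    }
}
```

The truststore built here lives only in memory, so no truststore file or password system property is involved; clients that take an explicit SSLContext or socket factory can be handed the returned context instead of changing the JVM default.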