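Trying to create a Java client to connect to a secured MongoDB server (with authentication and a self-signed certificate).
It fails with the exception "com.mongodb.MongoSocketOpenException: Exception opening socket".
I can connect to the server using the robomongo client with the auth and ssl options; that client is installed on the same machine where I run the code.
Also, I verified that the Java client works fine with only authentication enabled on the MongoDB server; it fails only with ssl.
My code looks like this: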
String uri = "mongodb://<user>:<password>@<ip>:<port>/admin?ssl=true&sslInvalidHostNameAllowed=true";
MongoClientURI connectionString = new MongoClientURI(uri);
MongoClient mongoClient = new MongoClient(connectionString);
DB db = mongoClient.getDB(connectionString.getDatabase());
Versions:
Mongo v3.4.5
Jdk 1.8
Mongo-java-driver 3.2.2
Full stack trace:
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:462)
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:205)
at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89)
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32)
at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:83)
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:43)
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115)
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:128)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at com.mongodb.connection.SocketStream.write(SocketStream.java:75)
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:201)
... 7 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 17 more
2 Answers
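This is a problem with the certificate: you are using an IP in the URI. Try using a hostname, or add an alternative name to the certificate.
Here is another possible solution: https://www.ibm.com/support/knowledgecenter/SS3NGB_5.1.0.3/ioc/ts_liberty_ip.html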
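The point made in this answer can be checked before touching the client. The following is an added example, not part of the original answers: it loads the server certificate from a PEM file and reports whether it carries a subject alternative name matching the host used in the URI. The class name SanCheck, the command-line arguments and the exact-match simplification are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

public class SanCheck {
    // GeneralName tags (RFC 5280) used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    // Simplified literal test (assumption): dotted IPv4 or anything containing ':' is an IP.
    static boolean isIpLiteral(String host) {
        return host.contains(":") || host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // An IP in the URI must match an iPAddress SAN; a name must match a dNSName SAN.
    // Exact matches only: wildcard dNSName entries and the CN fallback are not modelled.
    static boolean matches(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if no SAN extension
        if (sans == null) return false;
        boolean ip = isIpLiteral(host);
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            if (ip && type == IP_ADDRESS
                    && InetAddress.getByName(value).equals(InetAddress.getByName(host))) return true;
            if (!ip && type == DNS_NAME && value.equalsIgnoreCase(host)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java SanCheck <server-cert.pem> <host-from-uri>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("SANs:    " + cert.getSubjectAlternativeNames());
        System.out.println(matches(cert, args[1])
                ? "OK: a SAN entry matches " + args[1]
                : "FAIL: no SAN entry matches " + args[1]);
    }
}
```

A certificate with no SAN extension prints `SANs:    null`, which is the condition behind "No subject alternative names present" in the trace above. When regenerating a self-signed certificate with keytool, `-ext san=ip:<ip>` adds the iPAddress entry.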
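Finally, I found the problems and solved them properly. The first problem was the certificate: since I was using a self-signed certificate, I had to pass it explicitly when creating the client, but I did not trust SSL. The code for that is:
The second problem was the way I was using credentials. In fact, if you use the URL approach, the default mongo credential type is "MONGODB-CR", but when I used the other way of authenticating, i.e. "SCRAM-SHA-1", it worked fine. The code for that is: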