How to create a keystore and truststore from server.pem and certificate.cer files in an OpenShift container

I have server.pem and certificate.cer files for connecting to a MongoDB database from an OpenShift container.

I tried to convert server.pem to mongodb.pkcs12 format with the commands below, and to create the keystore.jks and truststore.jks files from certificate.cer in the OpenShift container, but I get an exception in the OpenShift container. Can anyone advise on this? Please help me resolve the issue below.

Commands:

openssl pkcs12 -export -in C:\server.pem -out C:\mongodb.pkcs12

oc create secret generic keystore --from-file=keystore.jks=C:\mongodb.pkcs12 --from-file=truststore.jks=C:\mongodb.pkcs12 --type=opaque
secret/keystore created

com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:525) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:413) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:106) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:63) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117) ~[mongodb-driver-core-3.8.2.jar!/:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_262]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) ~[na:1.8.0_262]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967) ~[na:1.8.0_262]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331) ~[na:1.8.0_262]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325) ~[na:1.8.0_262]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688) ~[na:1.8.0_262]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[na:1.8.0_262]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[na:1.8.0_262]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[na:1.8.0_262]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[na:1.8.0_262]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[na:1.8.0_262]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:765) ~[na:1.8.0_262]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) ~[na:1.8.0_262]
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:79) ~[mongodb-driver-core-3.8.2.jar!/:na]
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:410) ~[mongodb-driver-core-3.8.2.jar!/:na]
... 9 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450) ~[na:1.8.0_262]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317) ~[na:1.8.0_262]
at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_262]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330) ~[na:1.8.0_262]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237) ~[na:1.8.0_262]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[na:1.8.0_262]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670) ~[na:1.8.0_262]
... 18 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_262]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_262]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_262]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445) ~[na:1.8.0_262]
... 24 common frames omitted

I think you can create the secret more easily. For example:

oc create secret generic keystore-volume \
    --from-file=keystore.jks=C:\mongodb.pkcs12 \
    --from-file=truststore.jks=C:\mongodb.pkcs12

After that, you can mount this keystore volume in your application yaml, like:

...
volumeMounts:
  - name: keystore-volume
    mountPath: /app/secrets
    readOnly: true
volumes:
  - name: keystore-volume
    secret:
      secretName: keystore-volume
...

Your file will then be available inside the container at the path /app/secrets/mongodb.pkcs12.
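As an added example (not code from either the question or the answer above), the following POSIX shell script builds the two files the question asks for, keystore.jks from server.pem and truststore.jks from certificate.cer, in the layout the answer's secret expects. It assumes openssl and a JDK's keytool are on PATH, that server.pem holds both the client private key and its certificate, and that certificate.cer is the CA (or server) certificate the driver must trust; the aliases mongodb-client and mongodb-ca and the password changeit are placeholders.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Builds the two files the Java MongoDB driver needs from the question's inputs:
#   keystore.jks   <- server.pem      (client private key + certificate, via PKCS12)
#   truststore.jks <- certificate.cer (the CA/server certificate the JVM must trust)
# Assumes openssl and keytool (from a JDK) on PATH; aliases and password are placeholders.
set -eu

# build_keystore PEM OUT_JKS PASSWORD
# server.pem must contain both the private key and the certificate.
build_keystore() {
    pem=$1; out=$2; pw=$3
    tmp=$(mktemp "${TMPDIR:-/tmp}/ks.XXXXXX")
    # Step 1: the same conversion as in the question, with an alias the JVM can address.
    openssl pkcs12 -export -in "$pem" -name mongodb-client \
        -out "$tmp" -passout "pass:$pw"
    # Step 2: convert the PKCS12 into a real JKS (the question stored raw PKCS12 under a .jks name).
    keytool -importkeystore -noprompt \
        -srckeystore "$tmp" -srcstoretype PKCS12 -srcstorepass "$pw" \
        -destkeystore "$out" -deststoretype JKS -deststorepass "$pw"
    rm -f "$tmp"
}

# build_truststore CER OUT_JKS PASSWORD
# This is the step missing from the question: certificate.cer was never imported,
# so the JVM could not build a certification path to the server's certificate.
build_truststore() {
    cer=$1; out=$2; pw=$3
    keytool -importcert -noprompt -alias mongodb-ca \
        -file "$cer" -keystore "$out" -storepass "$pw"   # accepts DER or PEM input
}

# has_entry JKS PASSWORD ALIAS KIND -> exit 0 if ALIAS is present with that entry kind
# (KIND is trustedCertEntry or PrivateKeyEntry); use it to verify the result.
has_entry() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null | grep -q "$4"
}

# Typical run (then create the secret exactly as the answer does):
#   build_keystore   server.pem      keystore.jks   changeit
#   build_truststore certificate.cer truststore.jks changeit
#   has_entry truststore.jks changeit mongodb-ca trustedCertEntry && echo "truststore ok"
#   oc create secret generic keystore-volume --from-file=keystore.jks --from-file=truststore.jks
```

The PKIX "unable to find valid certification path" error in the question is what the JVM reports when its truststore lacks this certificate; once the secret is mounted, point the driver at the files with -Djavax.net.ssl.trustStore=/app/secrets/truststore.jks and -Djavax.net.ssl.keyStore=/app/secrets/keystore.jks (plus the matching trustStorePassword and keyStorePassword properties).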
