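To use JDBC for SSL data transmission, the server must support it, and the SSL function on the server side must be enabled first.
The steps to enable it on the cluster are as follows (see the cluster manual for details; only the enabling steps are given here):
1) Generate the SSL files (run the commands directly on Linux)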
openssl genrsa 2048 > ca-key.pem
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Prompts may appear during this step; simply ignore them.
2) Copy the three files to a directory, and set the following in gcluster*.cnf
ssl-ca=/usr/local/myssl/ca-cert.pem
ssl-cert=/usr/local/myssl/server-cert.pem
ssl-key=/usr/local/myssl/server-key.pem
GBase 8a Programmer's Manual, JDBC volume
南大通用数据技术股份有限公司
3) Restart the cluster, then run show variables like '%SSL%' to check whether the SSL function is enabled.
The following output means it is enabled:
show variables like '%ssl%';
+---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| have_openssl  | YES                              |
| have_ssl      | YES                              |
| ssl_ca        | /usr/local/myssl/ca-cert.pem     |
| ssl_capath    |                                  |
| ssl_cert      | /usr/local/myssl/server-cert.pem |
| ssl_cipher    |                                  |
| ssl_key       | /usr/local/myssl/server-key.pem  |
+---------------+----------------------------------+
After the three steps above, the cluster has SSL enabled. For JDBC, proceed as follows:
1) Generate the keys used for the JDBC connection
keytool -import -alias GBaseCACert -file ca-cert.pem -keystore truststore
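Note: ca-cert.pem is the file produced when the SSL files were generated. After running this step you are prompted to enter a credential, that is, a password, for example password1 (JDBC will use it).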
openssl x509 -outform DER -in client-cert.pem -out client.cert
keytool -import -file client.cert -keystore keystore -alias GBaseClientCertificate
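Note: client.cert is the file produced when the SSL files were generated. After running this step you are prompted to enter a credential, that is, a password, for example password1 (JDBC will use it).
2) The steps above produce two files, truststore and keystore. Copy both files to a path that JDBC can access.
3) Write the code following the sample below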
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
public class GBaseSslExample {
    public static void main(String[] args) throws Exception {
        // SSL is requested through the useSSL and requireSSL URL parameters
        String url = "jdbc:gbase://192.168.8.27:5258/gbase?user=root&useSSL=true&requireSSL=true";
        String trustStorePath = "D:\\JDBCTest\\src\\test-certs\\truststore";
        String keyStorePath = "D:\\JDBCTest\\src\\test-certs\\keystore";
        // Point JSSE at the keystore and truststore created in step 1
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", "password1");
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", "password1");
        try (Connection conn = DriverManager.getConnection(url);
             Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("show status like '%SSL%'")) {
            // Print each SSL status variable and its value
            while (rs.next()) {
                System.out.println(rs.getString(1) + "-----" + rs.getString(2));
            }
        }
    }
}
Those are the steps for using the JDBC SSL function; note the settings highlighted in yellow.
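The sample above only prints the SSL status rows. As an added example (not code from the GBase manual), the class below turns that query into a fail-closed check that refuses to continue when no cipher was negotiated, and reads the store paths and passwords from the environment instead of source code. It assumes the server reports the session cipher in a MySQL-style Ssl_cipher status row; the class name and the GBASE_* environment variable names are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class GBaseTlsCheck {
    // Reads a required setting from the environment (variable names are hypothetical).
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    // Returns the cipher negotiated for this session, or throws if there is none.
    // Assumption: the server exposes a MySQL-style Ssl_cipher session status row.
    static String requireTls(Connection conn) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("show status like 'Ssl_cipher'")) {
            String cipher = rs.next() ? rs.getString(2) : null;
            if (cipher == null || cipher.isEmpty()) {
                throw new SQLException("session is not encrypted: Ssl_cipher is empty");
            }
            return cipher;
        }
    }

    public static void main(String[] args) throws SQLException {
        // Same JSSE properties as the sample above, but no password in source code.
        System.setProperty("javax.net.ssl.keyStore", env("GBASE_KEYSTORE"));
        System.setProperty("javax.net.ssl.keyStorePassword", env("GBASE_KEYSTORE_PASSWORD"));
        System.setProperty("javax.net.ssl.trustStore", env("GBASE_TRUSTSTORE"));
        System.setProperty("javax.net.ssl.trustStorePassword", env("GBASE_TRUSTSTORE_PASSWORD"));
        // Expected to carry useSSL=true&requireSSL=true, as in the sample URL.
        String url = env("GBASE_URL");
        try (Connection conn = DriverManager.getConnection(url)) {
            // Fail closed before any application query is sent.
            System.out.println("TLS cipher in use: " + requireTls(conn));
        }
    }
}
```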