mongo ssl
0 mongo 5.0.19 安装 https://zhuanlan.zhihu.com/p/621643976?utm_id=0
启动cmd控制台,并到达mongodb中的bin文件目录下,输入如下指令回车即可。
mongod --dbpath=../data/db
或者配置文件的方式启动
mongod -f ../conf/mongodb.conf 或 mongod --config ../conf/mongodb.conf
启动后在浏览器打开http://localhost:27017,显示如下内容表示启动成功。
ssl
mac@macdeMacBook bin % mkcert mongo
mac@macdeMacBook bin % cat mongo.pem mongo-key.pem > mongoserver.pem
# Serve TLS on the regular listening port. This is the legacy ini-style option
# name; NOTE(review): newer server releases configure this through the
# net.tls / net.ssl mode setting instead, so confirm against the version in use.
sslOnNormalPorts = true
# SSL Key file and password
# The PEM file has to contain both the server certificate and its private key.
# Because it holds the private key, keep it readable only by the account that
# runs mongod.
sslPEMKeyFile = /Users/mac/Downloads/mongoserver.pem
# Left empty; this assumes the private key inside the PEM file is not
# passphrase-protected.
sslPEMKeyPassword =
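import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

/**
 * Process-wide holder for a single TLS-enabled {@link MongoClient}.
 *
 * <p>The client is built once, when the class is initialised. The server
 * certificate is validated against the JVM's default trust store and the host
 * name is checked against the certificate. An earlier revision installed a
 * trust manager whose check methods accepted every certificate and also
 * allowed invalid host names; with that setup TLS still encrypts the traffic
 * but no longer proves which server is on the other end.
 *
 * <p>For a certificate issued by mkcert, import the mkcert root CA
 * ({@code rootCA.pem} in the directory printed by {@code mkcert -CAROOT}) into
 * a trust store and start the JVM with {@code -Djavax.net.ssl.trustStore} and
 * {@code -Djavax.net.ssl.trustStorePassword}. The certificate must list every
 * host name that appears in the connection string.
 */
public class MongoClientUtil {

    private static final Logger logger = LoggerFactory.getLogger(MongoClientUtil.class);

    private static MongoClient mongoClient;

    private MongoClientUtil() {}

    /**
     * Returns the shared client.
     *
     * @return the client created during class initialisation, or {@code null}
     *         when that initialisation failed (the failure is logged)
     */
    public static MongoClient getInstance() {
        return mongoClient;
    }

    static {
        try {
            // Default context: trust decisions come from the JVM trust store
            // (javax.net.ssl.trustStore), not from an accept-everything manager.
            SSLContext sslContext = SSLContext.getDefault();

            // The host list is blank on the source page; fill in the real
            // members. The tlsAllowInvalidCertificates / tlsAllowInvalidHostnames
            // options are dropped so the URI does not ask for relaxed checks.
            ConnectionString uri = new ConnectionString(
                    "mongodb://,,/admin?authSource=admin&readPreference=primary&ssl=true");

            MongoClientSettings settings = MongoClientSettings.builder()
                    .applyConnectionString(uri)
                    .applyToClusterSettings(cluster ->
                            cluster.serverSelectionTimeout(5, TimeUnit.SECONDS))
                    .applyToSocketSettings(socket ->
                            socket.connectTimeout(5, TimeUnit.SECONDS)
                                    .readTimeout(10, TimeUnit.SECONDS))
                    // Host name verification stays on: the certificate has to
                    // match the host the client actually connects to.
                    .applyToSslSettings(ssl ->
                            ssl.enabled(true)
                                    .invalidHostNameAllowed(false)
                                    .context(sslContext))
                    .build();

            mongoClient = MongoClients.create(settings);
        } catch (Exception e) {
            // Initialisation boundary: log and leave the field null rather than
            // failing class loading, as the original code did.
            logger.error(e.getMessage(), e);
        }
    }
}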
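在 Windows 的 Compass 中可用的 tlsAllowInvalidCertificates,这个 Java client 并不支持,所以想跳过证书校验就只能自定义一个信任所有服务器证书的 sslcontext。这样做等于关闭了对服务器身份的校验,连接可能被中间人冒充,只适合本机测试;更稳妥的做法是把 mkcert 的根证书导入 JVM 信任库,让驱动按默认方式校验证书和主机名。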