为SqlServer数据库生成Java可用的SSL加密JKS证书
当 SqlServer DB 要求 Java 使用 SSL 加密连接时,可以参考本文。
SqlServer 有多台比如多主多从模式时,需要拿到数据库的 cer 证书,并根据这些 master slave SqlServer DB 的 cer 证书生成 Java 连接 SqlServer DB 的 jks 证书。
1)把多个 cer 证书压到同一个 jks 证书里
注意:每一次压进去的别名 alias 必须名字不一样!
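# Import each server certificate into the same trust store, one keytool run per
# certificate, each under its own alias.
# When keytool prints the certificate details and asks whether to trust it,
# compare the fingerprint with the one supplied by the database administrators
# before confirming: every certificate added here becomes a trust anchor for
# the JDBC connection.
keytool -import -v -trustcacerts -alias aliasName1 -deststoretype JKS -file No1.cer -keystore truststore.ks
keytool -import -v -trustcacerts -alias aliasName2 -deststoretype JKS -file No2.cer -keystore truststore.ks
keytool -import -v -trustcacerts -alias aliasName3 -deststoretype JKS -file No3.cer -keystore truststore.ks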
2)查看 jks 证书
# List the entries of the trust store; -rfc prints each certificate in PEM form.
keytool -list -rfc -keystore /key/library/truststore.ks
使用这个命令之后,要检查打印出来的信息中是否显示: Keystore type: JKS, 如果非此类别,可能会导致 Java 连不上
3)Java 使用 jks 证书,以 SSL 加密方式连接到 SqlServer
这里使用 dbcp2连接池作为例子
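import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.aspectj.AspectJExpressionPointcut;
import org.springframework.aop.support.DefaultPointcutAdvisor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.orm.hibernate5.HibernateTemplate;
import org.springframework.orm.hibernate5.HibernateTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.interceptor.*;

// NOTE: BasicDataSource is the commons-dbcp2 pool class
// (org.apache.commons.dbcp2.BasicDataSource); its import is missing from this listing.

/**
 * Spring configuration for a SQL Server connection pool that connects over TLS and
 * validates the server certificate against the JKS trust store built with keytool.
 */
@Configuration
public class ConfigSqlserver {

    /**
     * Database login password, injected from external configuration instead of being
     * written into the source file. The property key is an illustrative name; bind it to
     * whatever the deployment's secret store or environment provides.
     */
    @Value("${sqlserver.datasource.password}")
    private String password;

    /**
     * Password of the trust store file, injected the same way as the login password.
     * The property key is an illustrative name.
     */
    @Value("${sqlserver.truststore.password}")
    private String trustStorePassword;

    /**
     * Builds the pooled data source for SQL Server.
     *
     * @return a dbcp2 data source; Spring calls {@code close} on it at shutdown
     */
    @Bean(value = "sqlserverDataSource", destroyMethod = "close")
    public BasicDataSource sqlserverDataSource() {
        String driverClassName = "com.microsoft.sqlserver.jdbc.SQLServerDriver";

        // NOTE(review): the driver documents trustStore as a path to the trust store file;
        // confirm that the "classpath:" prefix is resolved in your deployment, otherwise
        // pass the file's real location.
        String trustStore = "classpath:truststore.ks";

        // encrypt=true requests TLS, and trustServerCertificate=false keeps certificate
        // validation on, checked against hostNameInCertificate. Setting
        // trustServerCertificate=true to get past a handshake failure turns validation
        // off; fix the trust store instead.
        String url = "jdbc:sqlserver://xxx.com:1440;DatabaseName=db1;autoReconnectForPools=true;ApplicationIntent=ReadOnly;encrypt=true;trustServerCertificate=false;hostNameInCertificate=xxx.com;";
        String username = "ecoupon_app";
        String validationQuery = "select 1";

        BasicDataSource dataSource = new BasicDataSource();
        dataSource.setDriverClassName(driverClassName);
        dataSource.setUrl(url);
        // The trust store settings go in as connection properties rather than into the URL:
        // the URL can be read back through getUrl() and tends to end up in logs, and a
        // password containing ';' would break URL parsing.
        dataSource.addConnectionProperty("trustStore", trustStore);
        dataSource.addConnectionProperty("trustStorePassword", trustStorePassword);
        dataSource.setUsername(username);
        dataSource.setPassword(password);
        dataSource.setValidationQuery(validationQuery);
        return dataSource;
    }

    /**
     * Exposes a {@link JdbcTemplate} bound to the SQL Server data source.
     *
     * @param sqlserverDataSource the pool defined by {@link #sqlserverDataSource()}
     * @return a template that runs its statements on that pool
     */
    @Bean("sqlserverJdbcTemplate")
    public JdbcTemplate sqlserverJdbcTemplate(
            @Qualifier("sqlserverDataSource") BasicDataSource sqlserverDataSource
    ) {
        JdbcTemplate sqlserverJdbcTemplate = new JdbcTemplate();
        sqlserverJdbcTemplate.setDataSource(sqlserverDataSource);
        return sqlserverJdbcTemplate;
    }
}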
end.