I have a spring application that I need to connect to a MongoDB. This connection uses TLS with a self-signed certificate.
I can connect to this database without any problem using Mongo3T with the SSL protocol without PEM file.
I can connect via mongo commandline:
mongo --tls --tlsAllowInvalidCertificates mongoDB://user:pass#host:443/dbname
Without issue.
However if I configure my yml file with
spring.data.mongodb.uri : mongodb://user:pass#host:443/dbname?tls=true&tlsAllowInvalidCertificates=true
It does not connect, and I get a CertificateException:No name matching hostname.
What am I doing wrong? Could it be that tlsAllowInvalidCertificates is not supported for this driver?
Thanks
Related
I have an Spring Boot application using ActiveMQ which has enabled SSL. Its cert is self-signed and hostname does not match.
Since this is a local test I do not want it to verify SSL cert.
I know for REST client, we can use a messy combination of SSLContext, X509TrustManager, etc.
But for ActiveMQ almost everything is managed by Spring Boot. I only provide ActiveMQ url and credential.
Is there somewhere to inject ActiveMQ session?
To disable all verification you can set trustAll=true on your ActiveMQ connection URL, e.g.:
ssl://hostname:61616?trustAll=true
new spring boot application using spring data jpa and we need to connect oracle DB without password set in spring.datasource.password instead need to use connectionProperties with javax.net.ssl.truststore file and javax.net.ssl.truststorePassword.
please help me how we can go with approach to connect DB with spring data jpa?
existing application used same without DB password but used certificate to connect DB in jdbc template.
spring.datasource.url
spring.datasource.driverClassName
spring.datasource.username
// No DB password here but we need to use certificates
javax.net.ssl.truststore = load cert file from file path
javax.net.ssl.trustStoreType
javax.net.ssl.truststorePassword = load encrypted cert password from file path
Can you check the details in the blog? You do need the password along with the certificate. Certificate is to enable stronger security with SSL but not to eliminate database password.
You can leave oracle bound to localhost and use SSH tunnel on spring to connect to it.
On the Oracle server use key to connect ssh instead of password.
Check out this: https://stackoverflow.com/a/71766760/4903232
I have keycloak running in Docker and have another container running a spring based java app that is attempting to connect to keycloak. The error message I keep getting is: Unable to resolve Configuration with the provided issuer of "http://keycloak:8080/auth/realms/someproject". the realm name does exist in the keycloak DB. I can curl to the above URL from any other container. But the web app keeps giving me that message. Any hints would help. Thanks, Bill
Try to expose your keycloak container port and set provided issuer like this http://docker-host-ip:exposed-port/auth/realms/someproject
I have two different spring boot application with SSL enabled in it and also there is an eureka discovery server and these two applications are linked to eureka server.I need to make some https call between these two SSL enabled applications. So I decided to go ahead with feign client .Eureka is able to resolve https url properly for feign client. But while making the call I'm getting "unable to find valid certification path to requested target". I can understand this error is because public key of my client application is not present in truststore of the application from which I'm making feign call. I have already added the public key in my custom truststore, But it is of no use.Property file for the same is below
server.ssl.enabled=true
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password= Pass#123
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias= springboot
server.ssl.trust-store=classpath:springboot.jks
server.ssl.trust-store-password=Pass#123
eureka.instance.nonSecurePortEnabled=false
eureka.instance.securePortEnabled=true
After digging more into the issue I found that "server.ssl.trust-store" property will set truststore in the embeded tomcat server of spring boot application, But some have my https call is taking default JDK truststore. When I added system properties in my application then everything is working fine. But with spring boot properties file configuration it is not working .
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
I feel setting system properties is an workaround and I'm looking for a better solution .
I even tried enabling ribbon client and added "ribbon.IsSecure=true" property also. But still getting the same issue.
Can someone please provide a suggestion for the same.
Thank you
We are using a Jetty server along with Spring security framework. The server should accept requests from only from a known client (Which is also a server). We want to configure client certificates so that Jetty accepts only the requests with the known client certificate.
How can we configure the server?
All we need to do is set NeedClientAuth in jetty-ssl-config.xml to true. No change is needed in Spring config.