Java: using the new CA rds-ca-ecc384-g1 with Spring Boot, Hibernate and AWS RDS (Aurora)

axkjgtzd  posted 2023-09-29  in  Java

I have a Spring Boot application, deployed through AWS Elastic Beanstalk, that talks to PostgreSQL with the following configuration:

  spring.datasource.url=jdbc:postgresql://{SUBDOMAIN}.us-east-2.rds.amazonaws.com:5432/{DATABASE_NAME}
  spring.datasource.username={USER}
  spring.datasource.password={PASSWORD}
  spring.datasource.hikari.maximum-pool-size=2
  spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
  spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
  spring.jpa.properties.hibernate.show_sql=true
  spring.jpa.open-in-view=false
  spring.jpa.hibernate.ddl-auto=create

Everything worked fine until I updated the AWS Aurora certificate to rds-ca-ecc384-g1; now I can no longer connect to Postgres.
The error I get is:

  org.postgresql.util.PSQLException: SSL error: Received fatal alert: handshake_failure
  at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:620) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:191) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:258) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:253) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.Driver.makeConnection(Driver.java:434) ~[postgresql-42.5.4.jar!/:42.5.4]
  at org.postgresql.Driver.connect(Driver.java:291) ~[postgresql-42.5.4.jar!/:42.5.4]
  at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:359) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:201) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:470) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:100) ~[HikariCP-5.0.1.jar!/:na]
  at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112) ~[HikariCP-5.0.1.jar!/:na]
  at org.hibernate.engine.jdbc.connections.internal.DatasourceConnectionProviderImpl.getConnection(DatasourceConnectionProviderImpl.java:122) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator$ConnectionProviderJdbcConnectionAccess.obtainConnection(JdbcEnvironmentInitiator.java:284) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:177) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:36) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.initiateService(StandardServiceRegistryImpl.java:119) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.service.internal.AbstractServiceRegistryImpl.createService(AbstractServiceRegistryImpl.java:255) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:230) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:207) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.boot.model.relational.Database.<init>(Database.java:44) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.boot.internal.InFlightMetadataCollectorImpl.getDatabase(InFlightMetadataCollectorImpl.java:218) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.boot.internal.InFlightMetadataCollectorImpl.<init>(InFlightMetadataCollectorImpl.java:191) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.boot.model.process.spi.MetadataBuildingProcess.complete(MetadataBuildingProcess.java:138) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.metadata(EntityManagerFactoryBuilderImpl.java:1348) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:1419) ~[hibernate-core-6.1.7.Final.jar!/:6.1.7.Final]
  at org.springframework.orm.jpa.vendor.SpringHibernateJpaPersistenceProvider.createContainerEntityManagerFactory(SpringHibernateJpaPersistenceProvider.java:75) ~[spring-orm-6.0.11.jar!/:6.0.11]
  at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:376) ~[spring-orm-6.0.11.jar!/:6.0.11]
  at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.buildNativeEntityManagerFactory(AbstractEntityManagerFactoryBean.java:409) ~[spring-orm-6.0.11.jar!/:6.0.11]
  at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:396) ~[spring-orm-6.0.11.jar!/:6.0.11]
  at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.afterPropertiesSet(LocalContainerEntityManagerFactoryBean.java:352) ~[spring-orm-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1817) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1766) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:598) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:520) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:326) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:324) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~[spring-beans-6.0.11.jar!/:6.0.11]
  at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1155) ~[spring-context-6.0.11.jar!/:6.0.11]
  at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932) ~[spring-context-6.0.11.jar!/:6.0.11]
  at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:608) ~[spring-context-6.0.11.jar!/:6.0.11]
  at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:434) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at org.springframework.boot.SpringApplication.run(SpringApplication.java:310) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at org.springframework.boot.SpringApplication.run(SpringApplication.java:1304) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at org.springframework.boot.SpringApplication.run(SpringApplication.java:1293) ~[spring-boot-3.0.10.jar!/:3.0.10]
  at com.app.Main.main(Main.java:18) ~[classes!/:1.0-SNAPSHOT]
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
  at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
  at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[main-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
  at org.springframework.boot.loader.Launcher.launch(Launcher.java:95) ~[main-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
  at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[main-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
  at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65) ~[main-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
  Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
  at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[na:na]
  at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[na:na]
  at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293) ~[na:na]
  at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) ~[na:na]
  at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[na:na]
  at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) ~[na:na]
  at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425) ~[na:na]
  at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) ~[na:na]
  at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) ~[na:na]
  at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41) ~[postgresql-42.5.4.jar!/:42.5.4]
  ... 59 common frames omitted

When I connect to the database manually with psql from the same machine, this is what happens:

  $ PGSSLMODE=verify-full psql -h {SUBDOMAIN}.us-east-2.rds.amazonaws.com -p 5432 -U {USER} -W {DATABASE_NAME}
  Password:
  psql: error: connection to server at "{SUBDOMAIN}.us-east-2.rds.amazonaws.com" (10.0.156.184), port 5432 failed: root certificate file "/home/ec2-user/.postgresql/root.crt" does not exist
  Either provide the file or change sslmode to disable server certificate verification.
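The trace above fails inside pgjdbc's MakeSSL.convert(), i.e. during the TLS handshake that the driver runs after sending the PostgreSQL SSLRequest. The following stand-alone probe, added here as an example and not code from the question or from pgjdbc, reproduces that step without Spring, Hibernate or the driver: it sends the SSLRequest itself, wraps the socket in TLS using only the CAs from a PEM bundle (the path to the AWS bundle is an assumption), enables hostname verification like sslmode=verify-full, and prints the negotiated protocol, cipher suite and the server's certificate chain with its key and signature algorithms. If it throws the same SSLHandshakeException, the problem is between the JDK's TLS stack and the server, not in the application configuration.

```java
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Probe for the PostgreSQL TLS handshake: SSLRequest, then a TLS handshake on
 * the same socket, trusting only the CAs found in a PEM bundle.
 */
public final class PgTlsProbe {

    // PostgreSQL SSLRequest message: int32 length (8) followed by int32 code 80877103.
    private static final int SSL_REQUEST_LEN = 8;
    private static final int SSL_REQUEST_CODE = 80877103;

    /** Builds an SSLContext whose trust store holds exactly the certificates in the PEM bundle. */
    static SSLContext contextTrustingPemBundle(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas;
        try (InputStream in = new FileInputStream(pemPath)) {
            cas = cf.generateCertificates(in);   // parses every CERTIFICATE block in the file
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty in-memory trust store
        int i = 0;
        for (Certificate ca : cas) {
            ks.setCertificateEntry("ca-" + (i++), ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: PgTlsProbe <host> <port> <ca-bundle.pem>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLContext ctx = contextTrustingPemBundle(args[2]);   // e.g. global-bundle.pem from AWS (assumed path)

        try (Socket plain = new Socket(host, port)) {
            DataOutputStream out = new DataOutputStream(plain.getOutputStream());
            out.writeInt(SSL_REQUEST_LEN);
            out.writeInt(SSL_REQUEST_CODE);
            out.flush();
            int reply = plain.getInputStream().read();   // 'S' = server will speak TLS, 'N' = it will not
            if (reply != 'S') {
                throw new IOException("server refused SSLRequest, reply byte = " + reply);
            }

            SSLSocketFactory f = ctx.getSocketFactory();
            try (SSLSocket tls = (SSLSocket) f.createSocket(plain, host, port, true)) {
                // Same check sslmode=verify-full performs: the certificate must match the host name.
                SSLParameters p = tls.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");
                tls.setSSLParameters(p);
                tls.startHandshake();   // throws SSLHandshakeException on a handshake_failure alert

                System.out.println("protocol: " + tls.getSession().getProtocol());
                System.out.println("cipher:   " + tls.getSession().getCipherSuite());
                for (Certificate c : tls.getSession().getPeerCertificates()) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("subject:  " + x.getSubjectX500Principal());
                    System.out.println("issuer:   " + x.getIssuerX500Principal());
                    System.out.println("key:      " + x.getPublicKey().getAlgorithm()
                            + ", sigalg: " + x.getSigAlgName());
                }
            }
        }
    }
}
```

Run it on the Beanstalk host with the same JDK the application uses, e.g. `java -Djavax.net.debug=ssl:handshake PgTlsProbe {SUBDOMAIN}.us-east-2.rds.amazonaws.com 5432 global-bundle.pem`; the `javax.net.debug` output shows the signature_algorithms and supported_groups the client offered and the exact alert the server returned, which is what you need to tell a trust-store problem apart from an algorithm negotiation problem.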
gcmastyq #1

For the app running locally, you need to add **?sslmode=disable** after {DATABASE_NAME} in spring.datasource.url
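With `sslmode=disable` the driver never sends the SSLRequest, so the handshake error goes away because there is no handshake at all; the password and every query then cross the network in clear text. The example below, added here and not part of the answer above, is the pgjdbc equivalent of the `PGSSLMODE=verify-full` psql command from the question: it enables certificate and hostname verification against a PEM bundle and then asks the server, through `pg_stat_ssl`, whether the session is actually encrypted. The endpoint, credentials and bundle path are taken from the command line and are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

/**
 * Opens a pgjdbc connection with full certificate verification and reports
 * what the server sees for this session in pg_stat_ssl.
 */
public final class VerifiedPgConnection {

    /**
     * pgjdbc connection properties. The same keys work as URL parameters:
     * jdbc:postgresql://host:5432/db?sslmode=verify-full&sslrootcert=/path/global-bundle.pem
     */
    static Properties verifyFullProps(String user, String password, String caBundlePath) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("ssl", "true");
        p.setProperty("sslmode", "verify-full");    // encrypt, validate the chain, check the host name
        p.setProperty("sslrootcert", caBundlePath); // PEM bundle; without it pgjdbc looks for ~/.postgresql/root.crt
        return p;
    }

    /** Returns "ssl=<bool> version=<TLS version> cipher=<suite>" as reported by pg_stat_ssl for this backend. */
    static String sessionTlsStatus(Connection c) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(
                     "SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid()")) {
            if (!rs.next()) {
                return "no pg_stat_ssl row for this backend";
            }
            return "ssl=" + rs.getBoolean("ssl")
                    + " version=" + rs.getString("version")
                    + " cipher=" + rs.getString("cipher");
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 4) {
            System.err.println("usage: VerifiedPgConnection <jdbc-url> <user> <password> <ca-bundle.pem>");
            System.exit(2);
        }
        // args[0] is e.g. jdbc:postgresql://{SUBDOMAIN}.us-east-2.rds.amazonaws.com:5432/{DATABASE_NAME}
        Properties props = verifyFullProps(args[1], args[2], args[3]);
        try (Connection c = DriverManager.getConnection(args[0], props)) {
            System.out.println(sessionTlsStatus(c));   // expect ssl=true with a TLS version and cipher
        }
    }
}
```

For the Spring Boot configuration in the question the equivalent is `spring.datasource.url=jdbc:postgresql://{SUBDOMAIN}.us-east-2.rds.amazonaws.com:5432/{DATABASE_NAME}?sslmode=verify-full&sslrootcert=/path/to/global-bundle.pem`, with the bundle deployed alongside the application.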

xzlaal3s #2

As a workaround for the Postgres database, I used rds-ca-rsa4096-g1 instead of rds-ca-ecc384-g1.

55ooxyrt #3

I ran into the same problem last week. In my case I changed it to rds-ca-2019 and it worked again.

hvvq6cgz #4

I had the same problem when trying to connect a Java application to my Postgres RDS instance after clicking the AWS CA update. AWS had updated the CA to rds-ca-ecc384-g1. Changing it to rds-ca-rsa2048-g1 fixed the problem. It expires in 2061 instead of 2121, so it should give us a bit of time.
If you are in the AWS console, click on the database instance, then click Modify in the top right. Scroll down to the "Connectivity" section and change it to rds-ca-rsa2048-g1. Click "Continue" at the bottom, then "Apply immediately", then "Modify DB instance". Wait for AWS to apply the change. In my case I did not need to restart the database, only the application.
It seems some libraries cannot handle the more complex algorithm. I have a psycopg2 application that had no problem with the rds-ca-ecc384-g1 CA.
