I have set up a syslog server with logstash and secured it with SSL, as described in this excellent document: http://www.logstashbook.com/TheLogstashBook_sample.pdf

On the server, I created a key and certificate as follows:

    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -batch -out server.csr
    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

I copied server.crt to my client system and tried to use it to send syslog messages to my server, but it fails:

    Caused by: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:642)
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:256)
        at com.ibm.jsse2.util.h.a(h.java:37)

Here is my code:

    EventLoopGroup group = null;
    Bootstrap bootstrap = null;
    Channel channel = null;
    group = new NioEventLoopGroup();
    bootstrap = new Bootstrap();
    bootstrap.group(group);
    SSLContext s = SSLContext.getInstance("TLS");
    s.init(null, null, null);
    String[] suites = s.getSocketFactory().getSupportedCipherSuites();
    List<String> ciphers = new ArrayList<String>();
    for (int i = 0; i < suites.length; i++) {
        ciphers.add(suites[i]);
    }
    SslContextBuilder ctxBuilder = SslContextBuilder.forClient();
    ctxBuilder.ciphers(ciphers);
    // get cert
    FileInputStream ksfis = new FileInputStream("server.crt");
    BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
    X509Certificate certificate = (X509Certificate)
            CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);
    // add cert to keystore
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, "password".toCharArray());
    keystore.setCertificateEntry("alias", certificate);
    System.setProperty("javax.net.ssl.trustStore", "server.crt");
    ctxBuilder.trustManager(certificate);
    SslContext sslCtx = ctxBuilder.build();
    bootstrap.channel(NioSocketChannel.class)
            .option(ChannelOption.SO_KEEPALIVE, true)
            .handler(new TcpSyslogEventEncoder());
    try {
        ChannelFuture future = bootstrap.connect(new InetSocketAddress(hostname, 5000));
        channel = future.syncUninterruptibly().channel();
        channel.pipeline().addLast("ssl", sslCtx.newHandler(channel.alloc(), hostname, 5000));
    }
    catch (Exception e) {
        System.out.println("Unable to connect to host. Cause is " + e.toString());
    }
    SyslogEvent event = new SyslogEvent("Dec 23 12:11:43 louis postfix/smtpd[31499]: da a tu cuerpo alegria macarena[95.75.93.154]");
    channel.writeAndFlush(event);
    System.out.println("Got to end");
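
An offline check for the setup described in the question, added here as an example and not part of the original post: it regenerates a key and certificate with the same three openssl commands, confirms that the certificate belongs to the key and validates as its own trust anchor, and prints the SHA-256 fingerprint that a client-side copy of server.crt should share. The function names and the temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Create a key and self-signed certificate with the post's three commands.
make_selfsigned() {  # $1 = output directory
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -batch -out "$1/server.csr" &&
    openssl x509 -req -days 3650 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the certificate carries the public key of this private key.
# Unreadable or missing input counts as a mismatch, never as a match.
cert_matches_key() {  # $1 = certificate (PEM), $2 = private key (PEM)
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the certificate validates with itself as the trust anchor,
# which is how a client that was handed server.crt has to treat it.
is_own_trust_anchor() {  # $1 = certificate (PEM)
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint, for comparing the server's copy with the client's copy.
cert_fingerprint() {  # $1 = certificate (PEM)
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed demo: a throwaway server identity in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" || return 1
    cert_matches_key "$dir/server.crt" "$dir/server.key" &&
        echo "server.crt matches server.key"
    is_own_trust_anchor "$dir/server.crt" &&
        echo "server.crt validates as its own trust anchor"
    echo "SHA-256 fingerprint: $(cert_fingerprint "$dir/server.crt")"
    rm -rf "$dir"
}

demo
```

Running `cert_fingerprint` on the server's copy of server.crt and on the copy placed on the client shows whether the client is trusting the certificate the server actually uses.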