通过SSL从Spring Cloud Config获取配置

时间:2016-10-14 13:14:30

标签: java ssl spring-boot microservices spring-cloud-config

我正在使用Spring Boot构建微服务,其中配置使用Spring Cloud Config进行分发。配置应用程序已启用SSL。

我希望我的spring启动应用程序通过https与Config服务器通信。问题是,在从bootstrap.yml加载SSL配置之前,应用程序启动对Config Server的休息调用以获取配置并因错误而失败:

java.lang.IllegalStateException: Could not locate PropertySource and the fail fast property is set, failing
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://host:8888/abcd/development,production": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 

我在bootstrap.yml中配置了一个带有CA证书的信任库:

# MicroServices Properties
spring:
  application:
     name: abcd
  profiles:
    active: development,production
  cloud:
    config:
      uri: https://<host>:8888 
      fail-fast: true
      password: abc@123
      username: user
server:
  ssl:
    trust-store: D:/Certs/caCert/server.p12
    trust-store-password: keystore
    key-store-provider: PKCS12

有什么建议我应该如何与Config Server建立成功的SSL通信?

2 个答案:

答案 0 :(得分:1)

我在JRE证书库中导入CA证书后问题得以解决:

keytool -importcert -alias startssl -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file ca.der

答案 1 :(得分:0)

在查找cert文件时看起来有问题。我会尝试这样的事情。

   ssl:
      trust-store: file:/Certs/caCert/server.p12

更好的是,我会使用keytool将我的证书添加到密钥库文件中,以便我可以访问我的密钥库文件,如

   ssl:
      enabled: true
      key-store: file:/Certs/keystore
      key-password: keypwd