当我使用Java驱动程序连接atlas mongodb db时,遇到SSLHandshakeException,如何解决?
final ConnectionString uriString = new ConnectionString ("mongodb+srv://XXX:XXX@cluster0-ddtis.azure.mongodb.net/test?retryWrites=true&w=majority");
MongoClient mongoClient = MongoClients.create(settings);
MongoDatabase database = mongoClient.getDatabase("test");
System.out.println("Connect to database successfully");
MongoCollection<Document> collection = database.getCollection("movie");
String dbs = mongoClient.listDatabaseNames().first();
System.out.println("dbs" + dbs);
2019-10-01 00:03:23 INFO org.mongodb.driver.cluster:76]中的异常 连接到服务器时监视线程 cluster0-shard-00-02-ddtis.azure.mongodb.net:27017 com.mongodb.MongoSocketWriteException:在以下位置发送消息的异常 com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:551) 在 com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:433) 在 com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:273) 在 com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:257) 在 com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83) 在 com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33) 在 com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105) 在 com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62) 在 com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:129) 在 com.mongodb.internal.connection.DefaultServerMonitor $ ServerMonitorRunnable.run(DefaultServerMonitor.java:117) 在java.lang.Thread.run(Thread.java:748)造成原因: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:PKIX路径构建失败: sun.security.provider.certpath.SunCertPathBuilderException:无法执行 在以下位置找到到所需目标的有效认证路径 sun.security.ssl.Alerts.getSSLException(Alerts.java:192)在 sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)在 sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)在 sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)在 sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) 在 sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 在sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)在 sun.security.ssl.Handshaker.process_record(Handshaker.java:961)位于 sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)在 sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) 在sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757) 在sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)在 com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99) 在 com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:430) ...省略9个共同的框架 sun.security.validator.ValidatorException:PKIX路径构建失败: sun.security.provider.certpath.SunCertPathBuilderException:无法执行 在以下位置找到到所需目标的有效认证路径 sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) 在 sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) 在sun.security.validator.Validator.validate(Validator.java:260)处 sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 在 sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) 在 sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) 在 sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ...省略了18个常见框架 sun.security.provider.certpath.SunCertPathBuilderException:无法执行 在以下位置找到到所需目标的有效认证路径 sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) 在 sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) 在java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 在 sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
...省略了24个常见框架
答案 0 :(得分:1)
原因可能是jre / lib / security /文件夹的cacert中不存在根证书问题,因此是SSL问题。 您是否可以尝试使用keytool和test保存和导入以下证书: “ ISRG根X1:https://letsencrypt.org/certs/isrgrootx1.pem.txt (IdenTrust)DST根CA X3:https://letsencrypt.org/certs/trustid-x3-root.pem.txt"
mongodb手册提供了上述证书链接,以导入任何连接问题,这是doc链接: https://docs.atlas.mongodb.com/reference/faq/security/#tls-change-hard-code。