I am trying to connect to a 3-node MongoDB replica set (with Kerberos and SSL enabled) using the Java driver. My code looks like this:
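import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
import org.bson.Document;

public class MongoDBPoC {
    static {
        // Trust store used to validate the MongoDB server certificates
        System.setProperty("javax.net.ssl.trustStore", "mongo_test.truststore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        // Let GSSAPI take Kerberos credentials from the JAAS configuration
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        System.setProperty("java.security.auth.login.config", "jaas.conf");
    }

    public static void main(String[] args) {
        MongoClient mongoClient = MongoClients.create(
            "mongodb://username%40REALM.COM@server01.domain.com:27017/?authMechanism=GSSAPI&ssl=true");
        MongoDatabase database = mongoClient.getDatabase("MY_DB");
        // The collection name was cut off in the original post; "MY_COLLECTION" is a placeholder
        MongoCollection<Document> collection = database.getCollection("MY_COLLECTION");
        System.out.println(collection.countDocuments());
    }
}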
When I try to connect to one of the nodes (any of them), I can connect successfully. However, when I provide all of the nodes in the connection string, the connection fails. I mean
mongodb://username%40REALM.COM@server01.domain.com:27017/?authMechanism=GSSAPI&ssl=true
works fine, but
mongodb://username%40REALM.COM@server01.domain.com:27017,server02.domain.com:27017,server03.domain.com:27017/?authMechanism=GSSAPI&ssl=true
fails with the following exception:
Kas 13,2019 10:44:45 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[server01.domain.com:27017,server03.domain.com:27017],mode=MULTIPLE,requiredClusterType=REPLICA_SET,serverSelectionTimeout='30000 ms',maxWaitQueueSize=500,requiredReplicaSetName='rs1'}
Kas 13,2019 10:44:45 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server01.domain.com:27017 to client view of cluster
Kas 13,2019 10:44:45 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server02.domain.com:27017 to client view of cluster
Kas 13,2019 10:44:45 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server03.domain.com:27017 to client view of cluster
Kas 13,2019 10:44:45 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by com.mongodb.client.internal.MongoClientDelegate$1@3567135c from cluster description ClusterDescription{type=REPLICA_SET,connectionMode=MULTIPLE,serverDescriptions=[ServerDescription{address=server01.domain.com:27017,type=UNKNOWN,state=CONNECTING},ServerDescription{address=server02.domain.com:27017,ServerDescription{address=server03.domain.com:27017,state=CONNECTING}]}. Waiting for 30000 ms before timing out
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:2,serverValue:4486}] to server02.domain.com:27017
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:1,serverValue:36356}] to server01.domain.com:27017
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:3,serverValue:4189}] to server03.domain.com:27017
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=server01.domain.com:27017,type=REPLICA_SET_SECONDARY,state=CONNECTED,ok=true,version=ServerVersion{versionList=[4,2,0]},minWireVersion=0,maxWireVersion=8,maxDocumentSize=16777216,logicalSessionTimeoutMinutes=30,roundTripTimeNanos=25084370,setName='rs1',canonicalAddress=server01:27017,hosts=[server03:27017,server01:27017,server02:27017],passives=[],arbiters=[],primary='server02:27017',tagSet=TagSet{[]},electionId=null,setVersion=5,lastWriteDate=Wed Nov 13 10:44:37 EET 2019,lastUpdateTimeNanos=1840350107661741}
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=server03.domain.com:27017,roundTripTimeNanos=24081447,canonicalAddress=server03:27017,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=server02.domain.com:27017,type=REPLICA_SET_PRIMARY,roundTripTimeNanos=25093623,canonicalAddress=server02:27017,electionId=7fffffff0000000000000195,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server03:27017 to client view of cluster
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server01:27017 to client view of cluster
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server server02:27017 to client view of cluster
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Canonical address server03:27017 does not match server address. Removing server03.domain.com:27017 from client view of cluster
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Server server01.domain.com:27017 is no longer a member of the replica set. Removing from client view of cluster.
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Server server02.domain.com:27017 is no longer a member of the replica set. Removing from client view of cluster.
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Canonical address server02:27017 does not match server address. Removing server02.domain.com:27017 from client view of cluster
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Exception in monitor thread while connecting to server server01:27017
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:541)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:429)
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62)
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching server01 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:426)
... 9 more
Caused by: java.security.cert.CertificateException: No name matching server01 found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 18 more
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Exception in monitor thread while connecting to server server02:27017
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:541)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:429)
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62)
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching server02 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:426)
... 9 more
Caused by: java.security.cert.CertificateException: No name matching server02 found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 18 more
Kas 13,2019 10:44:46 AM com.mongodb.diagnostics.logging.JULLogger log
INFO: Exception in monitor thread while connecting to server server03:27017
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.internal.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:541)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:429)
at com.mongodb.internal.connection.InternalStreamConnection.sendCommandMessage(InternalStreamConnection.java:269)
at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:253)
at com.mongodb.internal.connection.CommandHelper.sendAndReceive(CommandHelper.java:83)
at com.mongodb.internal.connection.CommandHelper.executeCommand(CommandHelper.java:33)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:105)
at com.mongodb.internal.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:62)
at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:127)
at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching server03 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:426)
... 9 more
Caused by: java.security.cert.CertificateException: No name matching server03 found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:231)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 18 more
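The driver seems to somehow find the host names server01, server02, server03, and of course it cannot find these names in the SSL certificate. It should connect using the names I provided: server01.domain.com, server02.domain.com, server03.domain.com. Where does the driver find these names? How can I correct this?
Thank you very much.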
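
The log above shows each member advertising short names in `hosts=[...]`, after which the driver drops the seed-list names and connects to the advertised ones, which is where TLS hostname verification fails. The following is an added example, not part of the original post: it extracts the advertised names from a ServerDescription log line and lists those that a certificate's DNS names do not cover. The class name, the shortened sample line and the certificate name list are constructed assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ReplicaSetNameCheck {
    // Extracts the member names (port stripped) from the hosts=[...] field of a log line.
    static List<String> advertisedHosts(String logLine) {
        Matcher m = Pattern.compile("hosts=\\[([^\\]]*)\\]").matcher(logLine);
        List<String> hosts = new ArrayList<>();
        if (m.find()) {
            for (String h : m.group(1).split(",")) {
                String name = h.trim().replaceAll(":\\d+$", "").toLowerCase(Locale.ROOT);
                if (!name.isEmpty()) hosts.add(name);
            }
        }
        return hosts;
    }

    // Simplified DNS name match: exact name, or one left-most "*." wildcard label.
    static boolean certCovers(Collection<String> dnsNames, String host) {
        int dot = host.indexOf('.');
        for (String san : dnsNames) {
            String s = san.toLowerCase(Locale.ROOT);
            if (s.equals(host)) return true;
            if (s.startsWith("*.") && dot > 0 && host.substring(dot).equals(s.substring(1))) return true;
        }
        return false;
    }

    // Advertised names that hostname verification would reject for these certificate names.
    static List<String> uncovered(String logLine, Collection<String> dnsNames) {
        List<String> bad = new ArrayList<>();
        for (String h : advertisedHosts(logLine)) if (!certCovers(dnsNames, h)) bad.add(h);
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample: shortened form of a ServerDescription line from the log above.
        String line = "ServerDescription{address=server01.domain.com:27017,setName='rs1',"
                + "hosts=[server03:27017,server01:27017,server02:27017],primary='server02:27017'}";
        // Assumption: the server certificates carry only the fully qualified names.
        List<String> sans = Arrays.asList("server01.domain.com", "server02.domain.com", "server03.domain.com");
        System.out.println("Advertised names not covered by the certificates: " + uncovered(line, sans));
    }
}
```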