I am trying to connect to a MongoDB instance that has SSL/TLS enabled with self-signed certificates. I have loaded the self-signed certificate into my local machine's cacerts, but I am getting the exception:

SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket

References: Connecting to MongoDb with SSL from JAVA app

The problem with the code below is that it accepts all certificates. I want it restricted to the self-signed certificate that is in the JVM's trusted certificates.

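    import com.mongodb.DB;
    import com.mongodb.DBCollection;
    import com.mongodb.MongoClient;
    import com.mongodb.MongoClientOptions;
    import com.mongodb.MongoClientURI;

    import javax.net.ssl.KeyManager;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;

    // Class declaration was missing from the post; the name is a placeholder.
    public class MongoSslTest {

        public static void main(String args[]) throws Exception {

            String JAVA_HOME = "C:\\Program Files\\Java\\jre1.8.0_211";
            System.setProperty("javax.net.ssl.trustStore", JAVA_HOME + "\\lib\\security\\cacerts");
            System.setProperty("javax.net.ssl.trustStorePassword", "yyyy");
            System.setProperty("javax.net.ssl.keyStore", JAVA_HOME + "\\lib\\security\\mongo.pkcs12");
            System.setProperty("javax.net.ssl.keyStorePassword", "xxxx");

            MongoClientURI connectionString;
            String uri = "mongodb://ttt:[email protected]:17017/db?authMechanism=SCRAM-SHA-1";
            MongoClientOptions.Builder optionsBuilder;

            // The custom socket factory below replaces the JVM default, so the
            // javax.net.ssl.trustStore property set above is not consulted.
            optionsBuilder = MongoClientOptions.builder()
                    .sslEnabled(true)
                    .sslInvalidHostNameAllowed(true)   // hostname verification is disabled
                    .socketFactory(getSSF());

            connectionString = new MongoClientURI(uri, optionsBuilder);
            MongoClient m = new MongoClient(connectionString);
            DB db = m.getDB("db");
            DBCollection c = db.getCollection("mongostudent");

            System.out.println(c.findOne());
        }

        private static SSLSocketFactory getSSF() throws NoSuchAlgorithmException, KeyManagementException {
            SSLContext sslContext;

            sslContext = SSLContext.getInstance("TLSv1.2");
            // This TrustManager never throws CertificateException, so every
            // certificate chain is accepted (the behaviour described above).
            sslContext.init((KeyManager[]) null, new TrustManager[]{new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
                    System.out.println("Certificate:" + x509Certificates[0]);
                }

                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
                    System.out.println("Certificate:" + x509Certificates[0]);
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }}, new SecureRandom());

            return sslContext.getSocketFactory();
        }
    }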

Keytool command used:

  1. keytool -import -trustcacerts -file C:/certificateauth.pem -keystore cacertskeystore.jks -storepass "xxxx"

  2. Placed the pkcs file in the security folder

I need to configure it so that it accepts only trusted certificates.

  • 'The socket is not an instance of javax.net.ssl.SSLSocket'. Proof? What is it an instance of? and what does that have to do with your question? Solution: remove the insecure TrustManager. Importing the self-signed certificate into your truststore is sufficient. Commented Sep 24, 2019 at 5:14
  • Do you mean sslContext.init(null,null,null)? Commented Sep 24, 2019 at 14:49
  • No. I mean use the default TrustManager. I don't see that you even need the explicit SSLContext: just use the default one. You haven't answered my question. Commented Sep 25, 2019 at 3:49
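An added example, not code from the question or the comments: one way to accept only the imported certificate is to build the `SSLContext` from a `TrustManagerFactory` backed by a keystore that holds just that certificate, instead of a hand-written `X509TrustManager`. The class name, the `mongo-ca` alias and the host and credentials in the URI are placeholders, and the sketch assumes the server does not require a client certificate (no `KeyManager` is supplied).

```java
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoClientURI;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class PinnedTrustExample {   // hypothetical class name

    // Build an SSLContext whose only trust anchor is the certificate in pemPath.
    static SSLContext contextTrustingOnly(String pemPath) throws Exception {
        Certificate ca;
        try (InputStream in = new FileInputStream(pemPath)) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                     // empty in-memory store
        trustStore.setCertificateEntry("mongo-ca", ca);  // alias is a placeholder

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);   // standard chain validation against that one anchor

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);    // no client certificate
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrustingOnly("C:/certificateauth.pem");

        MongoClientOptions.Builder options = MongoClientOptions.builder()
                .sslEnabled(true)
                .sslInvalidHostNameAllowed(false)        // keep hostname verification on
                .socketFactory(ctx.getSocketFactory());

        // Placeholder URI: user, password and host are not values from the question.
        MongoClientURI uri = new MongoClientURI(
                "mongodb://USER:PASSWORD@mongo.example.com:17017/db?authMechanism=SCRAM-SHA-1",
                options);
        try (MongoClient client = new MongoClient(uri)) {
            System.out.println(client.getDatabase("db").getCollection("mongostudent").find().first());
        }
    }
}
```

With hostname verification left on, the handshake also fails unless the server certificate's subject alternative name matches the host in the URI. A server presenting any certificate that does not chain to the imported one is rejected with an `SSLHandshakeException`.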
