Намерих как трябва да реша проблема.
Със сигурност регистрирах mongo сертификата в java security, както е показано тук:
sudo keytool -import -alias ca1 -file mongo-CA-cert.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
Направих следното:1) Конвертиране на pem файл в pkcs12
openssl pkcs12 -export -out hikmatuser.pfx -inkey hkshreimuser.key -in hkshreimuser.crt -certfile mongo-CA-cert.crt
2) Пиша следния JAVA код за тестване и той работи добре:
private SSLContext getSSLContext(String filePath){
String password = "123456";
String jvm_certs_path = "/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts";
String jvm_certs_password = "changeit";
try{
KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream(filePath), password.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, password.toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(jvm_certs_path), jvm_certs_password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();
SSLContext sslContext = null;
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms, tms, new SecureRandom());
return sslContext;
}catch (Exception e){
e.printStackTrace();
}
return null;
}
public void getMongoClient() {
String filePath2 = "/home/hikmat/mongodbssl/s2/hikmatuser.pfx";
String user = "[email protected],CN=xxxx,OU=xxxxxx,O=xxxxxx,L=xxxx,ST=xxxx,C=XX";
SSLContext sslContext = getSSLContext(filePath2);
MongoCredential credential = MongoCredential.createMongoX509Credential(user);
MongoClientOptions options = MongoClientOptions.builder().sslEnabled(true).sslContext(sslContext).build();
//mongodbserver should be the same name "CN" that you use when you create server cert file
MongoClient mongoClient = new MongoClient(new ServerAddress("mongodbserver", 27017), credential,options);
return mongoClient;
}// end of method