个人中心
gpt4 book ai didi

java - keycloak - SSL 错误 : Certificates do not conform to algorithm constraints

转载 作者:行者123 更新时间:2023-12-01 19:33:18 25 4
gpt4 key购买 nike

我正在使用以下 docker 命令运行连接到 Amazon RDS Postgres 的 keycloak 实例:

docker run --rm --name keycloak \
-p 9090:8080 -e KEYCLOAK_USER=xxx \
-e KEYCLOAK_PASSWORD=xxx \
-e DB_VENDOR=postgres \
-e DB_ADDR=mydb2.xxx.rds.amazonaws.com:5432 \
-e DB_USER=xxx \
-e DB_PASSWORD=xxx \
-e DB_DATABASE=keycloak \
jboss/keycloak:latest

但无法连接到数据库:

05:18:54,776 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"keycloak-server.war\".undertow-deployment" => "java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    Caused by: java.lang.RuntimeException: Failed to connect to database
    Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
    Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
    Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
    Caused by: org.postgresql.util.PSQLException: SSL error: Certificates do not conform to algorithm constraints
    Caused by: javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
    Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
    Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: C=US, ST=Washington, L=Seattle, O=Amazon.com, OU=RDS, CN=mydb2.xxx.us-east-1.rds.amazonaws.com.  Usage was tls server"}}

我确信以下几点:

  • RDS 实例可用,端口已打开。我用psql检查过。
  • jboss/keycloak:7.0.1 会发生这种情况,jboss/keycloak:7.0.0 则不会发生这种情况。版本7.0.0工作正常。

为什么会发生这种情况以及如何解决?

这可能是一个太宽泛的问题,但我不是 Java 人员(我主要使用 Python),所以这是我所能做到的最狭窄的问题。

最佳答案

就像 Jan Garaj's answer 中所说的那样使用不同的 Java 版本。

此操作失败,因为 RDS 使用的 RSA key 只有 1024 位长,而 java.security 只允许长度超过 1024 位的 key 。

将您的 RDS 更新到新的证书颁发机构 (rds-ca-2019) 似乎会创建更长的 key 并解决此问题。

AWS has documentation on how to do this.

关于java - keycloak - SSL 错误 : Certificates do not conform to algorithm constraints,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58796587/

25 4 0
文章推荐: java - 如何在 Pattern.compile() 中转义管道字符
文章推荐: R:将 CrossTable 导出到 Latex
文章推荐: java - while 和 if 语句中无法访问代码
文章推荐: java - 当前时间/日期事件监听器
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com