Hi !
Today I found a strange problem.I received a pair of certificates (client and server) to allow access to mysql.using certificates with the utility mysql (mysql - ssl-ca = cacert.pem - ssl-key = key.pem - ssl-cert = cert.pem-uuserssl-ppassword) the connection is successfully established .. . but if I use the same certificates with JDBC connector (using java application ) the connection fails with the exception -KeyUsage does not allow digital signatures- .
There someone that can help me to resolve the arcane ?
Thanks in advance.
Alex
Some informations:
JdbcURL = jdbc:mysql://127.0.0.1/testl?useSSL=true&
requireSSL=true&
clientCertificateKeyStoreUrl=file:///C:/Program Files/mysql/CertificatiTI/test/keystore&
clientCertificateKeyStoreType=JKS&
clientCertificateKeyStorePassword=123456&
trustCertificateKeyStoreUrl=file:///C:/Program Files/mysql/CertificatiTI/test/truststore&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=123456
exception stack trace
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 276 milliseconds ago.
The last packet sent successfully to the server was 274 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2214)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:781)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:352)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:284)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at Test.main(Test.java:144)
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 273 milliseconds ago.
The last packet sent successfully to the server was 271 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:104)
at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4545)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1330)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2142)
... 12 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: KeyUsage does not allow digital signatures
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(UnknownSource)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:89)
... 15 more
Caused by: sun.security.validator.ValidatorException: KeyUsage does not allow digital signatures
at sun.security.validator.EndEntityChecker.checkTLSServer(Unknown Source
)
at sun.security.validator.EndEntityChecker.check(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more
Today I found a strange problem.I received a pair of certificates (client and server) to allow access to mysql.using certificates with the utility mysql (mysql - ssl-ca = cacert.pem - ssl-key = key.pem - ssl-cert = cert.pem-uuserssl-ppassword) the connection is successfully established .. . but if I use the same certificates with JDBC connector (using java application ) the connection fails with the exception -KeyUsage does not allow digital signatures- .
There someone that can help me to resolve the arcane ?
Thanks in advance.
Alex
Some informations:
JdbcURL = jdbc:mysql://127.0.0.1/testl?useSSL=true&
requireSSL=true&
clientCertificateKeyStoreUrl=file:///C:/Program Files/mysql/CertificatiTI/test/keystore&
clientCertificateKeyStoreType=JKS&
clientCertificateKeyStorePassword=123456&
trustCertificateKeyStoreUrl=file:///C:/Program Files/mysql/CertificatiTI/test/truststore&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=123456
exception stack trace
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 276 milliseconds ago.
The last packet sent successfully to the server was 274 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2214)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:781)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:352)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:284)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at Test.main(Test.java:144)
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 273 milliseconds ago.
The last packet sent successfully to the server was 271 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:104)
at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4545)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1330)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2142)
... 12 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: KeyUsage does not allow digital signatures
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(UnknownSource)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:89)
... 15 more
Caused by: sun.security.validator.ValidatorException: KeyUsage does not allow digital signatures
at sun.security.validator.EndEntityChecker.checkTLSServer(Unknown Source
)
at sun.security.validator.EndEntityChecker.check(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 24 more