在 Jira Service Management 和 PostgreSQL 13.5 之间设置 mTLS

Set up mTLS between Jira Service Management and PostgreSQL 13.5

我正在尝试在 JSM 和 PostgreSQL 之间建立 mTLS 连接。

在数据库方面,我打开了 SSL,在 pg_hba.conf 我添加了下面的配置来告诉客户端使用证书进行连接:

hostssl   all   all  0.0.0.0/0 cert clientcert=1

在应用程序方面,我通过下面的行验证了它,它能够连接到数据库:

psql "host=<database server FQDN> port=5432 user=jiradbuser dbname=jiradb sslmode=verify-full sslcert=/path/to/jiradb.crt sslrootcert=/path/to/root.crt sslkey=/path/to/jiradb.key"

但是,当我配置 dbconfig.xml 时,它总是抱怨:

no pg_hba.conf entry for host <ip address of jira service management server>, user "jiradbuser", database "jiradb", SSL off

以下是dbconfig.xml的内容:

<?xml version="1.0" encoding="UTF-8"?>

<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>postgres72</database-type>
  <schema-name>public</schema-name>
  <jdbc-datasource>
    <url>jdbc:postgresql://<PosgreSQL server FQDN>:5432/jiradb?ssl=true;sslmode=verify-full;sslrootcert=/path/to/ca2.crt;sslcert=/path/to/jiradb.crt;sslkey=/path/to/jiradb.key</url>
    <driver-class>org.postgresql.Driver</driver-class>
    <username>jiradbuser</username>
    <password><password></password>
    <pool-min-size>30</pool-min-size>
    <pool-max-size>30</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-max-idle>30</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>
    <connection-properties>tcpKeepAlive=true;socketTimeout=240</connection-properties>
  </jdbc-datasource>
</jira-database-config>

请问 JDBC 的正确格式应该是什么?

谢谢

嗯,经过调查我注意到 dbconfig.xml 中的分隔符应该是“&”而不是“;”。此外,私钥应该在 PKCS#8 而不是 PKCS#1。 修改完这两个部分后,一切就绪 运行.