無法連接到Bluemix中的mongodb，未能找到證書路徑

Question

我無法從我部署的bluemix應用程序連接到我的Compose MongoDB服務。它似乎無法找到必要的證書。我曾預料它會直接從環境變量VCAP_SERVICES中選擇它。

我可以從我的本地測試環境運行此罰款，因爲我將密鑰導入到Java中適當的密鑰庫中。

如果我在bluemix上查看它們的node.js示例，它們實際上是在連接期間傳遞證書。但是，我無法在Java API的任何位置找到它。

我相信我需要將這個證書添加到bluemix上的虛擬機（看起來不太可能），或者當我不能（看不到）時，我需要通過Java驅動程序傳遞它。

想法？

根據記錄，這是例外，我得到：

com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting for a server that matches 
ReadPreferenceServerSelector{readPreference=primary}. Client view of 
cluster state is {type=UNKNOWN, servers=[{address=bluemix-sandbox-dal-9-portal.7.dblayer.com:26123, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=bluemix-sandbox-dal-9-portal.6.dblayer.com:26123, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}] 
com.mongodb.connection.BaseCluster.createTimeoutException(BaseCluster.java:377) 
com.mongodb.connection.BaseCluster.selectServer(BaseCluster.java:104) 
com.mongodb.binding.ClusterBinding$ClusterBindingConnectionSource.<init>(ClusterBinding.java:75) 
com.mongodb.binding.ClusterBinding$ClusterBindingConnectionSource.<init>(ClusterBinding.java:71) 
com.mongodb.binding.ClusterBinding.getReadConnectionSource(ClusterBinding.java:63) 
com.mongodb.operation.OperationHelper.withConnection(OperationHelper.java:402) 
com.mongodb.operation.FindOperation.execute(FindOperation.java:510) 
com.mongodb.operation.FindOperation.execute(FindOperation.java:81) 
com.mongodb.Mongo.execute(Mongo.java:836) 
com.mongodb.Mongo$2.execute(Mongo.java:823) 
com.mongodb.FindIterableImpl$FindOperationIterable.first(FindIterableImpl.java:216) 
com.mongodb.FindIterableImpl.first(FindIterableImpl.java:156) 
com.ibm.smarts.experiment.UserMgr.getUserDetails(UserMgr.java:146) 
com.ibm.smarts.experiment.UserMgr.authenticateUser(UserMgr.java:123) 
com.ibm.smarts.experiment.servlet.LoginServlet.doPost(LoginServlet.java:31) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:648) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 

Answer 1

有記載here幾個選項。例如：

將該證書導入到Java信任庫文件，將該文件打包到Java應用程序並通過JAVA_OPTS環境變量指定其路徑;信任庫文件可以放在資源目錄下。這可以被用於單個應用程序：

通過使用 'CF設定-ENV' 命令：

cf set-env <app> JAVA_OPTS '-Djavax.net.ssl.TrustStore=classpath:resources/config/truststore' 

通過使用manifest.yml：

--- 
applications: 
- name: java-app 
    ... 
    env: 
    JAVA_OPTS: '-Djavax.net.ssl.TrustStore=classpath:resources/config/truststore'