redis配置tls - 掘金 (juejin.cn)
看一下上面的文章,就知道ca.crt等文件的来由了。
keytool -importcert -alias Cacert -file ca.crt -keystore trust-store-redis -storepass password1
linux环境下
openssl pkcs12 -export -in client.crt -inkey client.key -name "mysql-client" -passout pass:password2 -out client-keystore.p12
keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass password2 -destkeystore key-store-redis -deststoretype JKS -deststorepass password3
拷贝key-store-redis、trust-store-redis到resource目录下
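/**
 * Spring configuration for a Lettuce-based Redis client that talks to the server over TLS,
 * presenting a client certificate from a key store and validating the server against a
 * trust store.
 */
@Configuration
public class RedisConfig {

    /**
     * Creates the Lettuce connection factory for a standalone Redis server reached over TLS.
     *
     * <p>Server certificate verification is left enabled. The original listing called
     * {@code disablePeerVerification()} so that connecting by IP address would succeed, but
     * that makes the client accept any certificate and leaves the configured trust store
     * without effect. To connect by IP address, issue the server certificate with that
     * address as a subjectAltName instead of switching verification off.
     *
     * @return a connection factory using the TLS client options built here
     * @throws Exception if the trust store or key store location cannot be resolved
     */
    @Bean
    public RedisConnectionFactory redisConnectionFactory() throws Exception {
        // Redis server address; with verification enabled it has to match the server certificate.
        String host = "hostname";
        int port = 6379; // TLS port

        String trustStoreFile = "classpath:trust-store-redis";
        String keyStoreFile = "classpath:key-store-redis";

        // The store passwords below are the sample values used when the stores were created
        // with keytool. Outside a demo, load them from external configuration or a secret
        // store; do not commit real passwords or private-key stores to source control.
        // NOTE(review): ResourceUtils.getFile needs the resource to be a real file on disk;
        // confirm this still resolves when the application runs from a packaged jar.
        SslOptions sslOptions = SslOptions.builder()
                .jdkSslProvider()
                .truststore(ResourceUtils.getFile(trustStoreFile), "password1")
                .keystore(ResourceUtils.getFile(keyStoreFile), "password3".toCharArray())
                .build();
        ClientOptions clientOptions = ClientOptions.builder()
                .sslOptions(sslOptions)
                .build();

        RedisStandaloneConfiguration configuration = new RedisStandaloneConfiguration();
        configuration.setHostName(host);
        configuration.setPort(port);

        // useSsl() keeps peer verification on, so the trust store above is actually enforced.
        LettuceClientConfiguration lettuceClientConfiguration = LettuceClientConfiguration.builder()
                .clientOptions(clientOptions)
                .useSsl()
                .build();

        return new LettuceConnectionFactory(configuration, lettuceClientConfiguration);
    }

    /**
     * Creates a {@code RedisTemplate} with string keys and JSON-serialized values, for both
     * plain entries and hash entries.
     *
     * @param redisConnectionFactory the connection factory the template sends commands through
     * @return the initialized template
     */
    @Bean
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
        redisTemplate.setConnectionFactory(redisConnectionFactory);

        // Keys and hash keys are stored as plain strings.
        redisTemplate.setKeySerializer(RedisSerializer.string());
        redisTemplate.setHashKeySerializer(RedisSerializer.string());

        // NOTE(review): the generic JSON serializer appears to store type hints with each
        // value and use them on read; confirm only trusted writers can populate this Redis.
        redisTemplate.setValueSerializer(RedisSerializer.json());
        redisTemplate.setHashValueSerializer(RedisSerializer.json());

        redisTemplate.afterPropertiesSet();
        return redisTemplate;
    }
}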