Re: SSL Problem - Mailing list pgsql-jdbc

From Stefano Bonnin
Subject Re: SSL Problem
Date
Msg-id 011001c46a75$a35633f0$0501a8c0@comai04
Whole thread Raw
In response to SSL Problem  ("Stefano Bonnin" <stefano.bonnin@comai.to>)
Responses Re: SSL Problem
List pgsql-jdbc
ok,thanks
but now, do you have any idea?

in the previuos e-mail I sent you only the server error now I send you the
server log messages at postgres startup time:

2004-07-15 14:03:40 LOG:  could not load root certificate file
"/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such file
or directory
DETAIL:  Will not verify client certificates.
2004-07-15 14:03:40 LOG:  could not create IPv6 socket: Famiglia
dell'indirizzo non gestita dal protocollo
2004-07-15 14:03:40 LOG:  database system was shut down at 2004-07-15
14:03:40 CEST
2004-07-15 14:03:40 LOG:  checkpoint record is at 11/F6DC6DB4
2004-07-15 14:03:40 LOG:  redo record is at 11/F6DC6DB4; undo record is at
0/0; shutdown TRUE
2004-07-15 14:03:40 LOG:  next transaction ID: 27829164; next OID: 45696008
2004-07-15 14:03:40 LOG:  database system is ready

It doesn't find any root.crt, this is right, I think.

Thanks in advance.

RedS

----- Original Message -----
From: "Kris Jurka" <books@ejurka.com>
To: "Stefano Bonnin" <stefano.bonnin@comai.to>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Thursday, July 15, 2004 3:40 PM
Subject: Re: [JDBC] SSL Problem


>
>
> On Thu, 15 Jul 2004, Stefano Bonnin wrote:
> > keytool -keystore
/usr/local/j2sdk1.4.2_04/jre/lib/security/cacerts -alias
> > postgres -import -file server.crt.der
> >
> > What I did't undestand in this steps is the following:
> >
> > keytool -keystore ... etc ...
> >
> > import the certificate in the java keystore and the JDBC driver *must*
find
> > the certificate in the keystore and download it on the client, is't
true? (I
> > dont't know if this is true) BUT if my affermation is true HOW the JDBC
> > driver (on the client) can find it in
> > /usr/local/j2sdk1.4.2_04/jre/lib/security?
>
> The certificate must be available to the client.  There is no "find and
> download" going on.  These instructions were likely written for the client
> on the same machine as the server so it was not emphasized that the cert
> needs to be available to the client JVM.
>
> Kris Jurka
>


pgsql-jdbc by date:

Previous
From: Kris Jurka
Date:
Subject: Re: SSL Problem
Next
From: Tom Lane
Date:
Subject: Re: Very strange Error in Updates