Re: ssl connection strangely stops working - Mailing list pgsql-jdbc

From Radosław Smogura
Subject Re: ssl connection strangely stops working
Date
Msg-id 201102050958.37104.rsmogura@softperience.eu
In response to ssl connection strangely stops working  (zhong ming wu <mr.z.m.wu@gmail.com>)
Responses Re: ssl connection strangely stops working  (zhong ming wu <mr.z.m.wu@gmail.com>)
List pgsql-jdbc
I don't think the JDBC driver uses custom SSL "validators", including host name and
certificate chains, if you don't specify one with a socket factory. It relies on
what is available in the JVM. It looks like this is the way Sun SSL sockets
work.

May I ask what GF version you use, and did you specify the truststore password
configuration in -D properties?
I actually use GF and I needed to configure truststores at the JVM level (-D)
to use SSL sockets (in v3.1 releases). I don't like this solution as it
requires providing a clear-text master password.


Kind regards,
Radosław Smogura
http://softperience.eu


zhong ming wu <mr.z.m.wu@gmail.com> Saturday 05 February 2011 03:50:37
> the problem was traced to server certificate expiration
>
> the problematic server cert is signed by a commercial CA.  i think
> problem is caused by jdbc not connecting to expired certificate
>
> however jdbc had not been checking that hostname is the same as CN;
> so i had assumed that it does no other checking.
>
> since psql was working it confused me even more. replacing with
> unexpired commercial certificate fixes the problem although this new
> cert CN does match the hostname.
>
> jdbc also does not like unexpired server cert signed by the company CA.
>
> good to learn something new.
>
> very sorry about the noise.
>
> On Fri, Feb 4, 2011 at 8:48 PM, zhong ming wu <mr.z.m.wu@gmail.com> wrote:
> > Dear List
> >
> > I am not a very experienced user of jdbc although have been using
> > postgresql for many years having done many server installation and
> > administering them.
> >
> > From three different systems (mac, windows, and centos virtualbox)
> > behind 1 ip address I had succeeded in getting ssl connection to a
> > remote server via jdbc.  (That after much struggle on centOS
> > glassfish; turns out i had to run
> >  "asadmin set domain.resources.jdbc-connection-pool.connectionPool.property.JDBC30DataSource=true"
> > at glassfish account)
> >
> > On mac and windows the connection is set up via netbeans/glassfish.
> > All were working very well for about two weeks up until yesterday
> > evening.
> >
> > Today all three connections stop working for no apparent reason.  I
> > had not touched any settings on the postgresql server.
> >
> > In server log I only get this,
> >
> > LOG:  could not accept SSL connection: sslv3 alert certificate unknown
> >
> > Yes I googled this problem and find pages seemingly not relevant to my
> > problem.  I know I have ssl connection right because it was working
> > just 24 hours ago with no changes in server or client settings.
> >
> > Even weirder I can still connect to this server using psql from centOS
> > virtualbox.  See this
> > ------------------
> > /usr/local/pg/bin/psql -U mail -h server.address -p 5433 mail
> > Password for user mail:
> > psql (9.0.2)
> > SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> > Type "help" for help.
> >
> > mail=>
> > -----------
> >
> > Any suggestions?  Do I suddenly need to enter server ssl cert into
> > keystore of glassfish server now?  But I didn't need it before!
> >
> > Some webpages mention using property
> > sslfactory=org.postgresql.ssl.NonValidatingFactory
> >
> > That does not seem to help much.
> >
> > Thanks
> >
> > mr wu
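
Added example, not part of the thread and not pgjdbc code: a socket factory that keeps the JVM's default certificate validation but logs each server certificate's subject, issuer and expiry plus the rejection reason, so an expired certificate or an untrusted company CA is visible on the client instead of only "certificate unknown" in the server log. The class name DiagnosticSslFactory is hypothetical; it assumes the driver loads the class named in the sslfactory property (e.g. ssl=true&sslfactory=DiagnosticSslFactory) through its no-argument constructor.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical helper class (assumption, not from the thread): validation is
// still done by the JVM trust manager; this wrapper only adds logging.
public class DiagnosticSslFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    public DiagnosticSslFactory() throws GeneralSecurityException {
        // A null KeyStore selects the JVM default truststore (cacerts or -Djavax.net.ssl.trustStore).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvm = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager logging = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain) {
                    System.err.println("server cert: " + c.getSubjectX500Principal()
                        + " | issuer: " + c.getIssuerX500Principal() + " | notAfter: " + c.getNotAfter());
                    try { c.checkValidity(); }              // expired or not yet valid?
                    catch (CertificateException e) { System.err.println("  validity: " + e); }
                }
                try { jvm.checkServerTrusted(chain, authType); }   // unchanged JVM decision
                catch (CertificateException e) { System.err.println("  rejected: " + e); throw e; }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                jvm.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        delegate = ctx.getSocketFactory();
    }

    // Everything below simply forwards to the SSLContext's own factory.
    public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException { return delegate.createSocket(s, h, p, autoClose); }
    public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return delegate.createSocket(h, p, la, lp); }
    public Socket createSocket(InetAddress a, int p) throws IOException { return delegate.createSocket(a, p); }
    public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return delegate.createSocket(a, p, la, lp); }
}
```

Unlike NonValidatingFactory, this factory still rejects a certificate the JVM does not trust; like the default behaviour described in the thread, it does not compare the host name with the certificate CN.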
