zhong ming wu <mr.z.m.wu@gmail.com> Saturday 05 February 2011 22:11:50
> On Sat, Feb 5, 2011 at 11:08 AM, Radosław Smogura
>
> It's nice to know that all the problems can be traced to JVM settings.
>
> FWIW, I ended using
> 'sslfactory=org.postgresql.ssl.NonViladatingFactory' on Windows 7
> which I didn't need on Mac.
>
> Have you looked into 'keytool' ? That lets you manipulate the
> certificates that JVM relies on. What I am not sure is where one must
> enter server certificates one by one into JVM or whether one can enter
> a CA.
Sueficinet is to put parent cert (or self-signed) cert in truststore, but
standard validator validates certs expirantion date. I don't know if parent
cert must be self-signed. Actually I have own CA, so it was sueficient to put
CA cert in truststore.
If SSL doesn't want to work with this
-Djavax.net.ssl.trustStorePassword=changeit
may help,"chageit" is standard master password.
