Re: JDBC with SSL - Mailing list pgsql-jdbc
| From | Barry Lind |
|---|---|
| Subject | Re: JDBC with SSL |
| Date | |
| Msg-id | 3E84995A.8020706@xythos.com Whole thread Raw |
| In response to | Re: JDBC with SSL ("John Laban" <johnl@infotn.com>) |
| List | pgsql-jdbc |
John, I have done this before, but I don't remember the exact steps. Java is very particular about the formats of certs it accepts. I ended up doing a google search and found some good instructions on how to get java to import an openssl created cert. Unfortunately I didn't keep those instructions. --Barry John Laban wrote: > Hello again, > > I have made numerous attempts to import the certificate from the server to > the client machine using java keytool with no success - the keytool > complains that the file is not a valid X.509 format. > > Additionally, for my application, only the encryption of the channel is > important so if it is possible to create an ssl connection without the > authentication portion that would be the best solution. > > > However I would still appreciate any information on how to import the > certificate (as generated using the Postgresql documention) into the java > certificate store. > > > > ----- Original Message ----- > From: "Barry Lind" <blind@xythos.com> > To: "John Laban" <johnl@infotn.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Friday, March 28, 2003 11:11 AM > Subject: Re: [JDBC] JDBC with SSL > > > >>John, >> >>The error message indicates that your client doesn't trust the servers >>certificate. My guess is that you are using a self-signed certificate >>on the server. If you want to be able to connect you are going to need >>to import that certificate into the client side java certificate store >>so that it recognizes the self-signed certificate as valid and trusted. >> >>thanks, >>--Barry >> >> >>John Laban wrote: >> >>>Thanks for the quick reply, but I'm still having some difficulty. >>> >>>I have been trying to connect to postgresql (redhat version 7.2.3.1) > > using > >>>JDBC and SSL - I am using the 7.4 development driver. >>> >>>I know that the server side is set up correctly because when connecting >>>using psql the connection is established using SSL. >>> >>> >>>However when connecting via JDBC I receive >>> >>> >>> >>> >>>PostgreSQL 7.4devel JDBC3 with SSL (build 204) >>> >>> ssl = true >>> >>> compatible = 7.4 >>> >>> loglevel = 2 >>> >>>Asking server if it supports ssl >>> >>>Server response was (S=Yes,N=No): S >>> >>>server does support ssl >>> >>>converting regular socket connection to ssl >>> >>> >>> >>> at org.postgresql.core.PGStream.flush(PGStream.java:364) >>> >>> at >>> > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > >>>nection.java:269) >>> >>> at org.postgresql.Driver.connect(Driver.java:137) >>> >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > >>> at docextractor.test.main(test.java:35) >>> >>> >>>Exception: An I/O error has occured while flushing the output - > > Exception: > >>>javax.net.ssl.SSLHandshakeException: >>>java.security.cert.CertificateException: Couldn't find trusted > > certificate > >>>Stack Trace: >>> >>> >>> >>>javax.net.ssl.SSLHandshakeException: >>>java.security.cert.CertificateException: Couldn't find trusted > > certificate > >>> at > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at >>>com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) >>> >>> at >>>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) >>> >>> at >>>java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) >>> >>> at org.postgresql.core.PGStream.flush(PGStream.java:360) >>> >>> at >>> > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > >>>nection.java:269) >>> >>> at org.postgresql.Driver.connect(Driver.java:137) >>> >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > >>> at docextractor.test.main(test.java:35) >>> >>> >>>Caused by: java.security.cert.CertificateException: Couldn't find > > trusted > >>>certificate >>> >>> >>> at >>>com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) >>> >>> at >>> > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > >>>275) >>> >>> at >>> > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > >>>275) >>> >>> ... 15 more >>> >>> >>>End of Stack Trace >>> >>> >>> >>> >>> >>>At the server side I get >>> >>> >>> >>>Failed to inititalize SSL Connection: sslv3 alert certificate unknown >>>(Success) >>> >>> >>> >>> >>>I have not been able to find any clear resolutions to this problem. If >>>someone can shed some light on a solution to this problem it would be >>>greatly appreciated. >>> >>> >>> >>>----- Original Message ----- >>>From: "Barry Lind" <blind@xythos.com> >>>To: "John Laban" <johnl@infotn.com> >>>Cc: <pgsql-jdbc@postgresql.org> >>>Sent: Thursday, March 27, 2003 5:58 PM >>>Subject: Re: [JDBC] JDBC with SSL >>> >>> >>> >>> >>>>John, >>>> >>>>This hasn't yet made it to the documentation. >>>> >>>>but adding ?ssl to the url should be what you need. (also consider >>>>using &loglevel=2 to turn on debugging info). >>>> >>>>--Barry >>>> >>>>John Laban wrote: >>>> >>>> >>>>>Hello, >>>>> >>>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) > > say > >>>they include support for SSL. I can set up the server to use SSL, but I >>>can't seem to get the JDBC driver to actually connect using SSL. Is > > there > >>>any documentation on this? Or is there a specific parameter I am > > supposed > >>>to include in the connection URL? >>> >>> >>>>>Any help in this would be appreciated. >>>>> >>>>>John Laban >>>>> >>>> >>>> >>>>---------------------------(end of broadcast)--------------------------- >>>>TIP 5: Have you checked our extensive FAQ? >>>> >>>>http://www.postgresql.org/docs/faqs/FAQ.html >>> >>> >>> >>>---------------------------(end of broadcast)--------------------------- >>>TIP 6: Have you searched our list archives? >>> >>>http://archives.postgresql.org >>> >> >> >>---------------------------(end of broadcast)--------------------------- >>TIP 6: Have you searched our list archives? >> >>http://archives.postgresql.org > > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster >
pgsql-jdbc by date: