Re: JDBC with SSL - Mailing list pgsql-jdbc
| From | Barry Lind |
|---|---|
| Subject | Re: JDBC with SSL |
| Date | |
| Msg-id | 3F6E7540.8080400@xythos.com Whole thread Raw |
| In response to | JDBC with SSL (Angel Todorov <atodorov@acm.org>) |
| List | pgsql-jdbc |
Can you provide the steps you used to create and import your cert?
thanks,
--Barry
Angel Todorov wrote:
> Hello,
> I have a question regarding the SSL support of the development JDBC3
> driver. I want to connect securely to a postgresql database . My
> environment is the following:
>
> PostgreSQL server version: PostgreSQL 7.3.2
> OS on which the server is running: OpenBSD 3.3
>
> --- from postgresql.conf ---
>
> ssl = true
>
> ----------------------------
>
> I have also generated the needed certificates for the SSL support as
> described in the PostgreSQL manual under" 3.7. Secure TCP/IP Connections
> with SSL".
>
> The client enviroment is the following:
> OS: Windows XP
> JDK : j2sdk1.4.2_01
> jdbc driver: JDBC3, development version
> IDE: Eclipse
>
> Normally, without SSL, the connectivity is O.K
>
> When enabled, the following exception is thrown:
>
> org.postgresql.util.PSQLException: An I/O error has occured while
> flushing the output - Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
>
> Here is also a small part of the stack trace:
> --------------------------------------------------
> Caused by: sun.security.validator.ValidatorException: No trusted
> certificate found
> at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown
> Source)
> at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
> Source)
> ... 16 more
> End of Stack Trace
>
> at org.postgresql.core.PGStream.flush(PGStream.java:416)
> at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnectionV3(AbstractJdbc1Connection.java:284)
>
> at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:213)
>
> at org.postgresql.Driver.connect(Driver.java:138)
> at java.sql.DriverManager.getConnection(Unknown Source)
> at java.sql.DriverManager.getConnection(Unknown Source)
> at PostgreSQLSSL.main(PostgreSQLSSL.java:33)
> java.lang.NullPointerException
> at PostgreSQLSSL.main(PostgreSQLSSL.java:39)
> Exception in thread "main"
> -----------------------------------------------------
>
> The code that generates the above Exception is :
>
> --- START ------
>
> public static void main(String[] args) throws SQLException {
>
> Properties opt = new Properties();
> opt.setProperty("ssl", "true");
> opt.setProperty("user", username);
> opt.setProperty("password", password);
>
> Connection db=null;
> try {
> Class driver=Class.forName("org.postgresql.Driver");
> db = DriverManager.getConnection(url, opt);
> } catch (Exception e) {
> e.printStackTrace();
> }
> ------- END ------------
>
> I have imported the server's certificate using the keytool successfully
> , though the exception states that no *trusted* certificate is found. My
> certificate is self-signed. Could it be the problem that the certificate
> is not accepted (i.e i have to create it differently either on the
> server side, or import it differently on the client side) ? Or maybe
> there is a conflict between the PostgreSQL and JDBC3 versions?
>
> Thanks a lot in advance for your help.
>
> Regards,
>
> Angel
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html
>
pgsql-jdbc by date: