Maybe a take in the wrong direction, but have you checked that all certs
exist and are valid throughout the certificate chain?
I am talking about both the server and the client side.
(Yes, you have already said that it does work with psql, so the question
is whether all certs and the key are imported correctly into the keystore.)
BTW I have found it more convenient to use the same keystore for both the
client cert/key and the trust anchors.
On 12/05/2011 07:46 PM, Walter Hurry wrote:
> On Mon, 05 Dec 2011 08:28:33 +0800, Craig Ringer wrote:
>
>> You don't need the SecurityManager enabled. You need the java.net.ssl
>> properties for keyStore, keyStorePassword and keyStoreType set to point
>> to your JCEKS keystore, and need trustStore, trustStorePassword and
>> trustStoreType set to point to the keystore you imported the database's
>> certificate into, which is probably the same store in your case.
>
> <snip option 2>
>
> Thanks for the guidance, Craig. I'm trying to use javax.net.ssl but I'm
> still stuck. Sample below:
> -------------------------------------------------------------
> $ java -Djavax.net.ssl.keyStore=$HOME/.postgresql/clientstore \
> -Djavax.net.ssl.keyStorePassword=changeit \
> -Djavax.net.ssl.keyStoreType="jks" \
> -Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts \
> -Djavax.net.ssl.trustStorePassword=changeit \
> -Djavax.net.ssl.trustStoreType="jks" \
> JDBCExample neptune misc
> -------- PostgreSQL JDBC Connection Testing ------------
> PostgreSQL JDBC driver registered
> Getting connection to jdbc:postgresql://neptune/misc
> Connect failed: FATAL: connection requires a valid client certificate
> -------------------------------------------------------------
>
> Any idea what I am doing wrong?
>
> Thanks.
>
>
>
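
One way to run the check suggested at the top of this message, as an added example that is not part of the original thread: a small Java program that reads the same javax.net.ssl.* system properties as the failing command, lists what each store contains, and flags a key store without a private-key entry, certificates outside their validity period, and chain links that do not verify. The class name KeystoreCheck and its method names are hypothetical.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name); reads the javax.net.ssl.* properties given with -D.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (inspect("keyStore") == 0) System.out.println("keyStore has no private-key entry with a certificate chain");
        inspect("trustStore");
    }

    // Prints every entry of the store named by javax.net.ssl.<name>; returns the number of key entries.
    static int inspect(String name) throws Exception {
        String path = System.getProperty("javax.net.ssl." + name);
        if (path == null) { System.out.println(name + ": property not set"); return 0; }
        String type = System.getProperty("javax.net.ssl." + name + "Type", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl." + name + "Password");
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        System.out.println(name + ": " + path + " (" + ks.size() + " entries)");
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain != null) {
                keyEntries++;
                for (int i = 0; i < chain.length; i++)
                    report("key '" + alias + "' chain[" + i + "]", chain[i], i + 1 < chain.length ? chain[i + 1] : null);
            } else {
                report("entry '" + alias + "'", ks.getCertificate(alias), null);
            }
        }
        return keyEntries;
    }

    // Reports the validity period and, when an issuer certificate is given, whether it signed this one.
    static void report(String label, Certificate cert, Certificate issuer) {
        if (!(cert instanceof X509Certificate)) { System.out.println("  " + label + ": no X.509 certificate"); return; }
        X509Certificate c = (X509Certificate) cert;
        String status = "ok";
        try {
            c.checkValidity();                                   // throws if expired or not yet valid
            if (issuer != null) c.verify(issuer.getPublicKey()); // throws if the chain link is broken
        } catch (Exception e) { status = "PROBLEM: " + e; }
        System.out.println("  " + label + ": " + c.getSubjectX500Principal() + " notAfter=" + c.getNotAfter() + " -> " + status);
    }
}
```

Run it with the same `-Djavax.net.ssl.*` options as the failing command, replacing the application class name with `KeystoreCheck`.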