Re: JDBC with SSL - Mailing list pgsql-jdbc

From Craig Ringer
Subject Re: JDBC with SSL
Date
Msg-id 4EDEF445.10006@ringerc.id.au
In response to Re: JDBC with SSL  (Walter Hurry <walterhurry@lavabit.com>)
Responses Re: JDBC with SSL  (Bruno Harbulot <bruno@distributedmatter.net>)
List pgsql-jdbc
On 07/12/11 03:43, Walter Hurry wrote:
> On Tue, 06 Dec 2011 08:45:48 +0800, Craig Ringer wrote:
>
>> On 12/06/2011 02:46 AM, Walter Hurry wrote:
>>> ------------------------------------------------------------- $ java
>>> -Djavax.net.ssl.keyStore=$HOME/.postgresql/clientstore \
>>>         -Djavax.net.ssl.keyStorePassword=changeit \
>>>         -Djavax.net.ssl.keyStoreType="jks" \
>>>
>> I thought you could only use a JECKS store when including private keys?
> Sorry, I'm pretty new to all this. What is a JECKS store? Does it mean I
> have the keyStoreType wrong?

JKS and JECKS are two different key store formats. Keytool understands
both. If my memory serves, JECKS is the encrypted keystore format,
intended for storing private key data. I think you can use JECKS for
both certificate and key data, but you can use JKS only for certificate
data, NOT for key data.

If you want your trusted certs and your client certs+keys in the same
store, use a JECKS store by passing the "-storetype JECKS" argument to
keytool when creating the store and importing a cert into it. I have the
niggling memory that if you use the JKS store (default) then keytool
imports the certificate from your input pkcs#2 (or whatever) file and
ignores the key.

--
Craig Ringer
