Postgres Pro
Downloads
Home   >   mailing lists

Re: could not accept SSL connection: sslv3 alert bad certificate - Mailing list pgsql-general

From Adrian Klaver
Subject Re: could not accept SSL connection: sslv3 alert bad certificate
Date
Msg-id 4d93b9ed-c087-19e9-a834-512fb2689783@aklaver.com
Whole thread Raw
In response to could not accept SSL connection: sslv3 alert bad certificate  (Marco Ippolito <ippolito.marco@gmail.com>)
Responses Re: could not accept SSL connection: sslv3 alert bad certificate
List pgsql-general
Tree view 
On 9/25/19 12:34 PM, Marco Ippolito wrote:
> Following the indications here: 
> https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database 
> I'm trying to understand how to correctly set Fabric-CA with a 
> PostgreSQL-11 database in Ubuntu 18.04.02 Server Edition.
> 

> This is the corresponding part in 
> /var/log/postgresql/postgresql-11-fabmnet.log :
> 
>      2019-09-25 20:51:52.655 CEST [1096] LOG:  listening on IPv6 address 
> "::1",
>      port 5433
>      2019-09-25 20:51:52.673 CEST [1096] LOG:  listening on IPv4 address
>      "127.0.0.1", port 5433
>      2019-09-25 20:51:52.701 CEST [1096] LOG:  listening on Unix socket
>      "/var/run/postgresql/.s.PGSQL.5433"
>      2019-09-25 20:51:52.912 CEST [1171] LOG:  database system was 
> interrupted;
>       last known up at 2019-09-25 09:50:30 CEST
>      2019-09-25 20:51:53.001 CEST [1171] LOG:  database system was not 
> properly
>       shut down; automatic recovery in progress
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo starts at 0/1668238
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  invalid record length at
>      0/1668318: wanted 24, got 0
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo done at 0/16682E0
>      2019-09-25 20:51:53.043 CEST [1096] LOG:  database system is ready to
>      accept connections
>      2019-09-25 20:51:53.569 CEST [1206] [unknown]@[unknown] LOG: 
>   incomplete
>      startup packet
>      2019-09-25 20:56:57.540 CEST [4620] [unknown]@[unknown] LOG:  could 
> not
>      accept SSL connection: sslv3 alert bad certificate
>      2019-09-25 20:56:57.543 CEST [4622] [unknown]@[unknown] LOG:  could not
>      accept SSL connection: sslv3 alert bad certificate
>      2019-09-25 20:56:57.544 CEST [4623] [unknown]@[unknown] LOG:  could 
> not
>      accept SSL connection: sslv3 alert bad certificate
> 

Aargh, I missed the part above.

What happens if you remove the sslmode=verify-full from the *.yaml file?

> 
>      And this is the db's configuration in (base) marco@pc:~$ nano 
> ./fabric/fabric-ca/fabric-ca-
>      server-config.yaml :
> 
>      db:
>        type: postgres
>        datasource: host=localhost port=5433 user=fabmnet_admin 
> password=pwd dbname=fabmnetdb
>      sslmode=verify-full
> 
> 
> How to correctly set up SSL connection to PostgresSQL-11 db?
> 
> Looking forward to your kind help
> Marco


-- 
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: could not accept SSL connection: sslv3 alert bad certificate
Next
From: Matthias Apitz
Date:
Subject: Re: updating sequence value for column 'serial'