Home > mailing lists

ssl connection issues - Mailing list pgsql-jdbc

From	Gabriele Bulfon
Subject	ssl connection issues
Date	September 13, 2018 18:23:45
Msg-id	652759681.5047.1536841425886@www Whole thread Raw
Responses	Re: ssl connection issues (Vladimir Sitnikov <sitnikov.vladimir@gmail.com>) Re: ssl connection issues (Craig Ringer <craig@2ndquadrant.com>) Re: ssl connection issues (Gabriele Bulfon <gbulfon@sonicle.com>)
List	pgsql-jdbc

Tree view

Hello,

I recently configured Postgresql 9.0.9 with SSL only "on" and all its needed server certificates.

I then created the client certificates and started working with them from a windows client.

At first I used them with tools like Navicat, just specified the 3 certs files (key,crt and root.crt) in the ssl pane, worked fine.

Then I tried with ODBC, placed the files in %APPDATA%/postgresql with correct names (postgresql.key, postgresql.crt, root.crt), created the connection and tested it, worked fine.

Last I tried with jdbc, thinking it would have been so easy: I'm fighting for 2 days with lots of different issues.

After some messing, I also finally discovered that, different from odbc, it would look for a pk8 file (why this difference?).

I created the pk8 file on the server from the original key used for odbc, with the command:

# openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -nocrypt

placed the pk8 file in %APPDATA%/postgresql and launched my test java connection:

Connection con=DriverManager.getConnection("jdbc:postgresql://myhost:5432/mydb?ssl=true&loggerLevel=DEBUG&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=require","user","pass");

And now I get this:

Exception in thread "main" org.postgresql.util.PSQLException: SSL error: Received fatal alert: decrypt_error
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:454)
at org.postgresql.Driver.connect(Driver.java:256)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.sonicle.aliseo.server.TestPostgresSSL.main(TestPostgresSSL.java:23)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
... 10 more

Tried both with jdk1.7 and jdk1.8 and openjdk1.8.

Any idea?
Gabriele

Sonicle S.r.l. : http://www.sonicle.com

Music: http://www.gabrielebulfon.com

Quantum Mechanics : http://www.cdbaby.com/cd/gabrielebulfon

pgsql-jdbc by date:

From: Laurenz Albe
Date: 10 September 2018, 13:39:51
Subject: Re: Postgresql jdbc driver for PG version 9.5

From: Vladimir Sitnikov
Date: 13 September 2018, 19:33:59
Subject: Re: ssl connection issues

ssl connection issues - Mailing list pgsql-jdbc

Previous

Next