ssl connection issues - Mailing list pgsql-jdbc
From | Gabriele Bulfon |
---|---|
Subject | ssl connection issues |
Date | |
Msg-id | 652759681.5047.1536841425886@www Whole thread Raw |
Responses |
Re: ssl connection issues
Re: ssl connection issues Re: ssl connection issues |
List | pgsql-jdbc |
Hello,
I recently configured Postgresql 9.0.9 with SSL only "on" and all its needed server certificates.
I then created the client certificates and started working with them from a windows client.
At first I used them with tools like Navicat, just specified the 3 certs files (key,crt and root.crt) in the ssl pane, worked fine.
Then I tried with ODBC, placed the files in %APPDATA%/postgresql with correct names (postgresql.key, postgresql.crt, root.crt), created the connection and tested it, worked fine.
Last I tried with jdbc, thinking it would have been so easy: I'm fighting for 2 days with lots of different issues.
After some messing, I also finally discovered that, different from odbc, it would look for a pk8 file (why this difference?).
I created the pk8 file on the server from the original key used for odbc, with the command:
# openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -nocrypt
placed the pk8 file in %APPDATA%/postgresql and launched my test java connection:
Connection con=DriverManager.getConnection("jdbc:postgresql://myhost:5432/mydb?ssl=true&loggerLevel=DEBUG&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=require","user","pass");
And now I get this:
Exception in thread "main" org.postgresql.util.PSQLException: SSL error: Received fatal alert: decrypt_error
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:454)
at org.postgresql.Driver.connect(Driver.java:256)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.sonicle.aliseo.server.TestPostgresSSL.main(TestPostgresSSL.java:23)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
... 10 more
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:454)
at org.postgresql.Driver.connect(Driver.java:256)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.sonicle.aliseo.server.TestPostgresSSL.main(TestPostgresSSL.java:23)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
... 10 more
Tried both with jdk1.7 and jdk1.8 and openjdk1.8.
Any idea?
Gabriele
Gabriele
Sonicle S.r.l. : http://www.sonicle.com
Quantum Mechanics : http://www.cdbaby.com/cd/gabrielebulfon
pgsql-jdbc by date: