JDBC SSL with postgresql - Mailing list pgsql-jdbc

From Jeffrey Baker
Subject JDBC SSL with postgresql
Date
Msg-id AANLkTikptvIa8hE5J_9lzqIwZYuQ7AMHLQIiZh8uAFEn@mail.gmail.com
Responses Re: JDBC SSL with postgresql  (Craig Ringer <craig@postnewspapers.com.au>)
Re: JDBC SSL with postgresql  (Craig Ringer <craig@postnewspapers.com.au>)
Re: JDBC SSL with postgresql  (Jeffrey Baker <jwbaker@gmail.com>)
List pgsql-jdbc
I was interested in this[1] work on SSL client certs for JDBC, but I
see the author stopped working on your project.  I hope the list can
give me a quick clue, because I've been banging my head against this
all day.

1: http://github.com/ringerc/pkcs12provider

First of all, I should mention that my client cert authentication is
working fine with libpq/psql.  So I'm satisfied that the certs and
keys are in order.

The problem is when I try to use JDBC it doesn't pick up my client
cert.  I have two files, truststore and keystore.

$ file truststore keystore
truststore: Java KeyStore
keystore:   Java KeyStore

truststore has only my self-signed root CA cert.  keystore has the
root CA cert and my signed client certificate.  Using a trivial JDBC
test class and this command line:

java -cp /usr/share/java/postgresql.jar:. \
  -Djavax.net.ssl.keyStore=./keystore \
  -Djavax.net.ssl.trustStore=./truststore TestJdbc

I get this exception:

Exception in thread "main" org.postgresql.util.PSQLException: FATAL: connection requires a valid client certificate

Which is half good, because I know that it's validating the trust
chain from the server to the root CA, but half bad because it's not
sending the client cert.  I know it's opening the keystore with my
client cert in it, because I verified it with strace.

Do I need to use an SSL socket factory class to make this work, or is
it supposed to work out of the box and if so how?

-jwb
