Hi Dave,
It works now with DER format. Using below parameters now and “postgresql-42.2.5” driver.
String url1 = "jdbc:postgresql://<host>:5432/postgres?user=postgres"
+ "&password=<password>"
+ "&sslmode=verify-ca"
+ "&sslcert=<path>\postgresql.crt"
+ "&sslkey=<path>\my.key.der"
+ "&sslrootcert=<path>\root.crt";
Thanks,
Anup
From: Dave Cramer <pg@fastcrypt.com>
Sent: Saturday, May 18, 2019 12:51 AM
To: David Wall <d.wall@computer.org>
Cc: pgsql-jdbc@lists.postgresql.org
Subject: Re: SSL connection issue with JDBC
One thing is the certs for java have to be in DER format.
- Note: The key file must be in DER format. A PEM key can be converted to DER format using the openssl command:
openssl pkcs8 -topk8 -inform PEM -in my.key -outform DER -out my.key.der
On 5/14/19 9:31 AM, Rob Sargent wrote:
If I use latest JDBC postgrsql driver "postgresql-42.2.5" then I get below error.
Anup
Update you jdbc driver to current release.
Sounds like that was done.
Are you sure your SSL certs are recognized? The original exception suggests an issue with trust along the chain:
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=certificate-authority is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
That does seem an unexpected CN. Both your java cacerts and postgres would have to share the CA certs needed to validate the full chain.
David
