Postgres Pro
Downloads
Home   >   mailing lists

Re: PostgreSQL + SSL - sun.security.validator.ValidatorException - Mailing list pgsql-jdbc

From Andrew M
Subject Re: PostgreSQL + SSL - sun.security.validator.ValidatorException
Date
Msg-id C8726946-4900-11D9-870C-0003938366A4@jibeya.com
Whole thread Raw
In response to PostgreSQL + SSL - sun.security.validator.ValidatorException  (Andrew M <andrew@jibeya.com>)
List pgsql-jdbc
Tree view 
Ok,
I'm nearly there but not yet.....

I can ascertain what is in my keystore by doing:

$ keytool -list

    Enter keystore password:  mypassword

    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 1 entry

    beyarecords.com, Dec 7, 2004, keyEntry,
    Certificate fingerprint (MD5):
32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB

I specify properties in jboss like so:

    javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts
    javax.net.ssl.keyStorePassword=changeit
    javax.net.ssl.keyStoreType= JKS

The error message I get back is:

    sun.security.validator.ValidatorException: No trusted certificate found

If I say :
    javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts/
beyarecords.com
    javax.net.ssl.keyStorePassword=mypassword

I  get the following error:

    java.net.SocketException: Default SSL context init failed: null

I am of the understanding that once a certificate has been imported
into the keystore and associated via an alias(beyarecords.com) with a
key (32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB) that it is then
trusted? What am I missing here?

regards

Andrew

On 7 Dec 2004, at 16:37, Vadim Nasardinov wrote:

> On Tuesday 07 December 2004 07:38, Andrew M wrote:
>> I need to explain my setup here. I'm running a website via Jboss
>> application server.
> ...
>> I launch jboss like so:
>>
>>> cd /jboss/bin
>> /jboss/bin>  ./run.sh
>>
>> So how do I tell the driver where to find the keystore in this
>> instance, as I am not running a stand alone java application?
>
> JBoss's run.sh likely provides a way to pass command-line options to
> the JRE.  This is needed so can you specify the maximum heap and stack
> size, among other things.  The standard way of doing this is to allow
> the user to set an enviroment variable called JAVA_OPTS or some
> such.  So, once you know what this variable is named in your
> particular case, you should be able to do something along the
> following lines:
>
>
> $ cd /jboss/bin
> $ export
> JAVA_OPTS="-Djavax.net.ssl.trustStore=/library/java/home/lib/security/
> cacert"
> $  ./run.sh
>
> The script is then responsible for splicing this additional option
> onto the command line that it uses to invoke java.
>
> See
> http://www.google.com/search?q=jboss+run.sh+JAVA_OPTS&btnI=
>
>
>

pgsql-jdbc by date:

Previous
From: Markus Schaber
Date:
Subject: Re: prepared statement call fails
Next
From: Vadim Nasardinov
Date:
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException