Re: ssl connection issues - Mailing list pgsql-jdbc

From Dave Cramer
Subject Re: ssl connection issues
Date
Msg-id CADK3HHK2gubwykSpN+xV+V7r2UdgaNcvbiqU06=gvHMwW3nyLw@mail.gmail.com
In response to Re: ssl connection issues  ("Davis, James A. (LARC-D318)[LITES II]" <james.a.davis-1@nasa.gov>)
List pgsql-jdbc
Hello,

I have been able to replicate this problem, and setting
tlsProperties.setProperty(SSL_PASSWORD.getName(), "");
or the correct ssl password should work.


On Thu, 20 Sep 2018 at 08:48, Davis, James A. (LARC-D318)[LITES II] <james.a.davis-1@nasa.gov> wrote:

From an outside SA view, I have to ask, did you import your cert into the JAVA cacerts file?

I see a slew of SSL application problems weekly that are generated by the local JAVA installation not having any generated/local host certs imported used by developer applications. If you have multiple versions of java ensure you import your cert into each of their cacerts. This is more a problem on windows than linux.

James Davis
SSAI contractor
Lites II Systems Administrator
NASA Langley Research Center
Hampton, VA. 23666
Office: 757-864-2731
Cell: 757-580-6398

From: Gabriele Bulfon <gabriele.bulfon@sonicle.com>
Reply-To: Gabriele Bulfon <gabriele.bulfon@sonicle.com>
Date: Thursday, September 20, 2018 at 5:16 AM
To: zloster <more@edno.moe>, Dave Cramer <pg@fastcrypt.com>
Cc: Alexander Kjäll <alexander.kjall@gmail.com>, "pgsql-jdbc@lists.postgresql.org" <pgsql-jdbc@lists.postgresql.org>
Subject: Re: ssl connection issues

 

Thanks, I tried enabling all the client debug infos, but didn't get much from them.

I will try to create certs from scratch, using the openssl tool instead of easy-rsa, and see if something changes.

Gabriele

-= Sent using Webtop 5 =-

Gabriele Bulfon - Sonicle S.r.l.
Tel +39 028246016 - Fax +39 028243880
Strada 6, Palazzo A13 - 20090 - Assago Milanofiori - MI
http://www.sonicle.com

From: zloster <more@edno.moe>
To: Dave Cramer <pg@fastcrypt.com>, Gabriele Bulfon <gbulfon@sonicle.com>
Cc: Alexander Kjäll <alexander.kjall@gmail.com>, pgsql-jdbc@lists.postgresql.org
Date: 19 September 2018 9.21.03 CEST
Subject: Re: ssl connection issues

On 18.09.2018 18:27, Dave Cramer wrote:

On Tue, 18 Sep 2018 at 11:23, Gabriele Bulfon <gbulfon@sonicle.com> wrote:

The only server cert known to me that is needed to the client is the root.crt (the ca cert) of the server used to sign the client cert.

These three files are all that is needed to the odbc driver, to the native navicat dll connection, and to any other certs-based ssl connection such as openvpn.

Actually the jdbc code is not complaining about the certs (if I remove any of them it will complain), something is going wrong during the ssl handshake that I cannot understand.

Is there any way to log more stuff on the server postgres.log about the ssl handshake?

I'm sure there is but I don't know how. The server is not my domain.

Try connecting with psql. If you can connect with that then JDBC should be able to connect.

Hi to all,
IMO it will be better to inspect the SSL/TLS handshake at the client - the machine that is initiating the connection to the PostgreSQL server through the JDBC driver.

Here are some links with the basic stuff about debugging the SSL/TLS connections with the JVM:

  1. https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https - this is an introduction document. It points to the following two pages. The first is describing what debug tools are available and the second shows how to read the debug output:
  2. https://access.redhat.com/solutions/973783 - same as the above but in Q&A style

I've used the debug output once - I needed to investigate why communication with a test HTTPS endpoint was working from a browser but not from a Java 8 program. After nearly one day of looking at the connection logs the problem turned out to be in the certificate chain - the browser was happy with the intermediate certificates, but the JVM was not.

Best regards,
zloster
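
Added example, not part of any message in this thread: a shell sketch of the "create certs from scratch with openssl" step that also checks, before the files go to the JDBC driver, that the client cert chains to root.crt and that key and cert belong together. The function names, the CN values and every file name other than root.crt are constructed; the key is written as unencrypted PKCS#8 DER, a format pgjdbc's default SSL factory accepts for sslkey, on the assumption that no key passphrase is wanted.

```shell
#!/bin/sh
# Added example (constructed names): throwaway CA and client certificate for
# testing certificate authentication, plus a consistency check of the files.

# make_client_files DIR CN -> writes root.crt, client.crt, client.key, client.pk8
make_client_files() {
    d=$1; cn=$2
    # Self-signed test CA; root.crt is the CA cert the client cert is signed with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    # Client key and CSR; PostgreSQL cert auth compares the CN with the db user.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -days 30 \
        -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/client.crt" 2>/dev/null || return 1
    # PEM key -> unencrypted PKCS#8 DER (assumption: no passphrase wanted).
    openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
        -in "$d/client.key" -out "$d/client.pk8"
}

# check_client_files DIR -> prints "ok", or the first problem found (status 1)
check_client_files() {
    d=$1
    openssl verify -CAfile "$d/root.crt" "$d/client.crt" >/dev/null 2>&1 ||
        { echo "client.crt does not chain to root.crt"; return 1; }
    # -passin pass: stops openssl prompting if the key turns out encrypted.
    key_pub=$(openssl pkey -inform DER -in "$d/client.pk8" -passin pass: \
        -pubout 2>/dev/null) ||
        { echo "client.pk8 is not readable as unencrypted PKCS#8 DER"; return 1; }
    cert_pub=$(openssl x509 -in "$d/client.crt" -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "client.pk8 does not belong to client.crt"; return 1; }
    echo ok
}
```

The three files map to the pgjdbc connection parameters sslrootcert, sslcert and sslkey.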
