Postgres Pro
Downloads
Home   >   mailing lists

Re: could not accept SSL connection: sslv3 alert bad certificate - Mailing list pgsql-general

From Marco Ippolito
Subject Re: could not accept SSL connection: sslv3 alert bad certificate
Date
Msg-id CAFegzBRrf2e__MXVoKZ8noHW4nY4DGSd6r1E8nM8rLnG6BZTdw@mail.gmail.com
Whole thread Raw
In response to Re: could not accept SSL connection: sslv3 alert bad certificate  (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses Re: could not accept SSL connection: sslv3 alert bad certificate
List pgsql-general
Tree view
Hi Adrian,
putting in /fabric/fabric-ca/fabric-ca-server-config.yaml :

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin password=fabmnet1971 dbname=fabmnetdb sslmode=verify-ca

this is the result:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 09:44:39 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 09:44:39 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 09:44:39 [INFO] Server Version: 1.4.4
2019/09/26 09:44:39 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 09:44:39 [INFO] The CA key and certificate already exist
2019/09/26 09:44:39 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 09:44:39 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 09:44:39 [ERROR] Error occurred initializing database: Failed to create Postgres database: Failed to execute create database query: pq: permission denied to create database
2019/09/26 09:44:39 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 09:44:39 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 09:44:39 [INFO] Listening on http://0.0.0.0:7054

and the corresponding log in /var/log/postgresql/postgresql-11-fabmnet.log :

2019-09-26 09:21:11.605 CEST [1132] LOG:  received fast shutdown request
2019-09-26 09:21:11.613 CEST [1132] LOG:  aborting any active transactions
2019-09-26 09:21:11.615 CEST [1132] LOG:  background worker "logical replication launcher" (PID 1169) exited with exit code 1
2019-09-26 09:21:11.616 CEST [1161] LOG:  shutting down
2019-09-26 09:21:11.643 CEST [1132] LOG:  database system is shut down
2019-09-26 09:21:57.370 CEST [1077] LOG:  listening on IPv6 address "::1", port 5433
2019-09-26 09:21:57.370 CEST [1077] LOG:  listening on IPv4 address "127.0.0.1", port 5433
2019-09-26 09:21:57.372 CEST [1077] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5433"
2019-09-26 09:21:57.426 CEST [1124] LOG:  database system was shut down at 2019-09-26 09:21:11 CEST
2019-09-26 09:21:57.446 CEST [1077] LOG:  database system is ready to accept connections
2019-09-26 09:21:58.040 CEST [1147] [unknown]@[unknown] LOG:  incomplete startup packet
2019-09-26 09:44:39.374 CEST [2902] fabmnet_admin@fabmnetdb ERROR:  permission denied to create database
2019-09-26 09:44:39.374 CEST [2902] fabmnet_admin@fabmnetdb STATEMENT:  CREATE DATABASE fabmnetdb

Putting in /home/marco/fabric/fabric-ca/fabric-ca-serve-config.yaml :

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin password=fabmnet1971 dbname=fabmnetdb sslmode=require

again the same error message:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 10:08:27 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 10:08:27 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 10:08:27 [INFO] Server Version: 1.4.4
2019/09/26 10:08:27 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 10:08:27 [INFO] The CA key and certificate already exist
2019/09/26 10:08:27 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 10:08:27 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 10:08:27 [ERROR] Error occurred initializing database: Failed to create Postgres database: Failed to execute create database query: pq: permission denied to create database
2019/09/26 10:08:27 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 10:08:27 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 10:08:27 [INFO] Listening on http://0.0.0.0:7054

and the corresponding portion of the log file:

2019-09-26 10:08:27.947 CEST [3728] fabmnet_admin@fabmnetdb ERROR:  permission denied to create database
2019-09-26 10:08:27.947 CEST [3728] fabmnet_admin@fabmnetdb STATEMENT:  CREATE DATABASE fabmnetdb

I do not undertand...

Marco

Il giorno gio 26 set 2019 alle ore 02:07 Adrian Klaver <adrian.klaver@aklaver.com> ha scritto:
On 9/25/19 12:34 PM, Marco Ippolito wrote:
> Following the indications here:
> https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database
> I'm trying to understand how to correctly set Fabric-CA with a
> PostgreSQL-11 database in Ubuntu 18.04.02 Server Edition.
>

> This is the corresponding part in
> /var/log/postgresql/postgresql-11-fabmnet.log :
>
>      2019-09-25 20:51:52.655 CEST [1096] LOG:  listening on IPv6 address
> "::1",
>      port 5433
>      2019-09-25 20:51:52.673 CEST [1096] LOG:  listening on IPv4 address
>      "127.0.0.1", port 5433
>      2019-09-25 20:51:52.701 CEST [1096] LOG:  listening on Unix socket
>      "/var/run/postgresql/.s.PGSQL.5433"
>      2019-09-25 20:51:52.912 CEST [1171] LOG:  database system was
> interrupted;
>       last known up at 2019-09-25 09:50:30 CEST
>      2019-09-25 20:51:53.001 CEST [1171] LOG:  database system was not
> properly
>       shut down; automatic recovery in progress
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo starts at 0/1668238
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  invalid record length at
>      0/1668318: wanted 24, got 0
>      2019-09-25 20:51:53.011 CEST [1171] LOG:  redo done at 0/16682E0
>      2019-09-25 20:51:53.043 CEST [1096] LOG:  database system is ready to
>      accept connections
>      2019-09-25 20:51:53.569 CEST [1206] [unknown]@[unknown] LOG:
>   incomplete
>      startup packet
>      2019-09-25 20:56:57.540 CEST [4620] [unknown]@[unknown] LOG:  could
> not
>      accept SSL connection: sslv3 alert bad certificate
>      2019-09-25 20:56:57.543 CEST [4622] [unknown]@[unknown] LOG:  could not
>      accept SSL connection: sslv3 alert bad certificate
>      2019-09-25 20:56:57.544 CEST [4623] [unknown]@[unknown] LOG:  could
> not
>      accept SSL connection: sslv3 alert bad certificate
>

Aargh, I missed the part above.

What happens if you remove the sslmode=verify-full from the *.yaml file?

>
>      And this is the db's configuration in (base) marco@pc:~$ nano
> ./fabric/fabric-ca/fabric-ca-
>      server-config.yaml :
>
>      db:
>        type: postgres
>        datasource: host=localhost port=5433 user=fabmnet_admin
> password=pwd dbname=fabmnetdb
>      sslmode=verify-full
>
>
> How to correctly set up SSL connection to PostgresSQL-11 db?
>
> Looking forward to your kind help
> Marco


--
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

Previous
From: Krishnakant Mane
Date:
Subject: Re: managing primary key conflicts while restoring data to table withexisting data
Next
From: Marco Ippolito
Date:
Subject: Re: could not accept SSL connection: sslv3 alert bad certificate