Re: SSL Problem - Mailing list pgsql-jdbc

From José Carlos Stevenson
Subject Re: SSL Problem
Date
Msg-id cd8r3a$18jn$1@news.hub.org
Whole thread Raw
In response to Re: SSL Problem  ("Stefano Bonnin" <stefano.bonnin@comai.to>)
Responses Re: SSL Problem
List pgsql-jdbc
Dear Stefano and Kris,

I've been using JWS to deploy an application that uses postgresql.
I've configured pg to use MD5 for a minimum of security (user and
passwd) - how can I deploy an app that uses SSL WITHOUT having to run
keytool on each machine?
Can I "show" the certificate (self signed) and ask the user if he/she
would like to accept it as valied? Is thera a HOWTO anywhere or some
sample code showing how to do that?
I also have the same problem using LDAP (and OpenLDAP)...

Thanks in advance,
José Carlos Stevenson.

Stefano Bonnin wrote:
> Problem solved.
>
> I copied the certificate that I created on the server to the client and then
> I execute "keytool" on the client.
> So, every time that I install my application on a new PC I have to execute
> keytool operation on that machine.
>
> Thaks for the help.
> RedS
> ----- Original Message -----
> From: "Kris Jurka" <books@ejurka.com>
> To: "Stefano Bonnin" <stefano.bonnin@comai.to>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Thursday, July 15, 2004 8:18 PM
> Subject: Re: [JDBC] SSL Problem
>
>
>
>>
>>On Thu, 15 Jul 2004, Stefano Bonnin wrote:
>>
>>
>>>2004-07-15 14:03:40 LOG:  could not load root certificate file
>>>"/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such
>
> file
>
>>>or directory
>>>DETAIL:  Will not verify client certificates.
>>
>>This is fine.  You do not need a root.crt file.   This is used to
>>authenticate clients to the server which is optional and not necessary to
>>establish a SSL connection.
>>
>>Again the problem seems to be that you have not made the server cert
>>available to the connecting jvm.  Adding -Djavax.net.debug=ssl to your
>>java command will produce a lot of debug information, but will likely
>>confirm this.  The key line will be in the first part of the output where
>>it displays which trustStore you are using.  The server cert must be in
>>this file.
>>
>>Kris Jurka
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>>               http://www.postgresql.org/docs/faqs/FAQ.html
>>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>

pgsql-jdbc by date:

Previous
From: "Chris Smith"
Date:
Subject: Re: Adding JDK1.5 removing 1.1 support.
Next
From: Kris Jurka
Date:
Subject: Re: SSL Problem