Re: SSL Problem - Mailing list pgsql-jdbc
| From | José Carlos Stevenson |
|---|---|
| Subject | Re: SSL Problem |
| Date | |
| Msg-id | cd8r3a$18jn$1@news.hub.org Whole thread Raw |
| In response to | Re: SSL Problem ("Stefano Bonnin" <stefano.bonnin@comai.to>) |
| Responses |
Re: SSL Problem
|
| List | pgsql-jdbc |
Dear Stefano and Kris, I've been using JWS to deploy an application that uses postgresql. I've configured pg to use MD5 for a minimum of security (user and passwd) - how can I deploy an app that uses SSL WITHOUT having to run keytool on each machine? Can I "show" the certificate (self signed) and ask the user if he/she would like to accept it as valied? Is thera a HOWTO anywhere or some sample code showing how to do that? I also have the same problem using LDAP (and OpenLDAP)... Thanks in advance, José Carlos Stevenson. Stefano Bonnin wrote: > Problem solved. > > I copied the certificate that I created on the server to the client and then > I execute "keytool" on the client. > So, every time that I install my application on a new PC I have to execute > keytool operation on that machine. > > Thaks for the help. > RedS > ----- Original Message ----- > From: "Kris Jurka" <books@ejurka.com> > To: "Stefano Bonnin" <stefano.bonnin@comai.to> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Thursday, July 15, 2004 8:18 PM > Subject: Re: [JDBC] SSL Problem > > > >> >>On Thu, 15 Jul 2004, Stefano Bonnin wrote: >> >> >>>2004-07-15 14:03:40 LOG: could not load root certificate file >>>"/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such > > file > >>>or directory >>>DETAIL: Will not verify client certificates. >> >>This is fine. You do not need a root.crt file. This is used to >>authenticate clients to the server which is optional and not necessary to >>establish a SSL connection. >> >>Again the problem seems to be that you have not made the server cert >>available to the connecting jvm. Adding -Djavax.net.debug=ssl to your >>java command will produce a lot of debug information, but will likely >>confirm this. The key line will be in the first part of the output where >>it displays which trustStore you are using. The server cert must be in >>this file. >> >>Kris Jurka >> >>---------------------------(end of broadcast)--------------------------- >>TIP 5: Have you checked our extensive FAQ? >> >> http://www.postgresql.org/docs/faqs/FAQ.html >> > > > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly >
pgsql-jdbc by date: