On Sun, 04 Dec 2011 20:09:09 +0100, Florent Guillaume wrote:
> Hi,
>
> You have to install the certificate in the Java keystore using
> "keytool". See
> http://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html for
> a quick overview.
> A more detailed doc is at
> http://docs.oracle.com/javaee/1.4/tutorial/doc/Security6.html
>
> Florent
>
> On Sun, Dec 4, 2011 at 5:40 PM, Walter Hurry <walterhurry@lavabit.com>
> wrote:
>> First of all, I am sorry if this is the wrong place to ask. If it is,
>> perhaps someone could direct me to the right arena.
>>
>> This is PostgreSQL 9.0.1 with PostgreSQL JDBC 9.1.901.
>>
>> I have successfully set up one of my databases to require SSL
>> connections with a certificate, and installed a certificate into
>> $HOME/.postgresql. That directory contains postgresql.crt,
>> postgresql.key and root.crt.
>>
>> I can connect successfully using psql and libpq applications. The
>> connection is also rejected properly if I move the certificate out of
>> the way.
>>
>> Now I am trying to connect using JDBC and SSL from a Java application
>> (JDBC is fine without SSL on another database). However, I am getting
>> the following error:
>>
>> FATAL: connection requires a valid client certificate
>>
>> So it appears that somehow I need to "tell" Java where to find the
>> client certificate. Any pointers as to how I do this please?
>>
>> By the way, since this is a self-signed certificate I have followed the
>> instructions at <http://jdbc.postgresql.org/documentation/81/ssl-
>> client.html>. These succeeded, but I am still getting the error.
>>
>> Thanks,
>> Walter
Thanks for the reply, Florent. I have followed the instructions yu
mentioned carefully, and am now invoking the class with:
java -Djava.security.manager -Djava.security.policy=clientpolicy
<classname>
but I am getting:
Your security policy has prevented the connection from being attempted.
You probably need to grant the connect java.net.SocketPermission to the
database server host and port that you wish to connect to.
Where do I go from here?
Thanks again,
Walter