Thread: JDBC with SSL
Hello,
The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say they include support for SSL. I can set up the server to use SSL, but I can't seem to get the JDBC driver to actually connect using SSL. Is there any documentation on this? Or is there a specific parameter I am supposed to include in the connection URL?
Any help in this would be appreciated.
John Laban
John, This hasn't yet made it to the documentation. but adding ?ssl to the url should be what you need. (also consider using &loglevel=2 to turn on debugging info). --Barry John Laban wrote: > Hello, > > The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say they include support for SSL. I can set up theserver to use SSL, but I can't seem to get the JDBC driver to actually connect using SSL. Is there any documentationon this? Or is there a specific parameter I am supposed to include in the connection URL? > > Any help in this would be appreciated. > > John Laban >
Thanks for the quick reply, but I'm still having some difficulty.
I have been trying to connect to postgresql (redhat version 7.2.3.1) using
JDBC and SSL - I am using the 7.4 development driver.
I know that the server side is set up correctly because when connecting
using psql the connection is established using SSL.
However when connecting via JDBC I receive
PostgreSQL 7.4devel JDBC3 with SSL (build 204)
ssl = true
compatible = 7.4
loglevel = 2
Asking server if it supports ssl
Server response was (S=Yes,N=No): S
server does support ssl
converting regular socket connection to ssl
at org.postgresql.core.PGStream.flush(PGStream.java:364)
at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)
at org.postgresql.Driver.connect(Driver.java:137)
at java.sql.DriverManager.getConnection(DriverManager.java:512)
at java.sql.DriverManager.getConnection(DriverManager.java:140)
at docextractor.test.main(test.java:35)
Exception: An I/O error has occured while flushing the output - Exception:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate
Stack Trace:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at org.postgresql.core.PGStream.flush(PGStream.java:360)
at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)
at org.postgresql.Driver.connect(Driver.java:137)
at java.sql.DriverManager.getConnection(DriverManager.java:512)
at java.sql.DriverManager.getConnection(DriverManager.java:140)
at docextractor.test.main(test.java:35)
Caused by: java.security.cert.CertificateException: Couldn't find trusted
certificate
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
275)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
275)
... 15 more
End of Stack Trace
At the server side I get
Failed to inititalize SSL Connection: sslv3 alert certificate unknown
(Success)
I have not been able to find any clear resolutions to this problem. If
someone can shed some light on a solution to this problem it would be
greatly appreciated.
----- Original Message -----
From: "Barry Lind" <blind@xythos.com>
To: "John Laban" <johnl@infotn.com>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Thursday, March 27, 2003 5:58 PM
Subject: Re: [JDBC] JDBC with SSL
> John,
>
> This hasn't yet made it to the documentation.
>
> but adding ?ssl to the url should be what you need. (also consider
> using &loglevel=2 to turn on debugging info).
>
> --Barry
>
> John Laban wrote:
> > Hello,
> >
> > The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say
they include support for SSL. I can set up the server to use SSL, but I
can't seem to get the JDBC driver to actually connect using SSL. Is there
any documentation on this? Or is there a specific parameter I am supposed
to include in the connection URL?
> >
> > Any help in this would be appreciated.
> >
> > John Laban
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html
John, The error message indicates that your client doesn't trust the servers certificate. My guess is that you are using a self-signed certificate on the server. If you want to be able to connect you are going to need to import that certificate into the client side java certificate store so that it recognizes the self-signed certificate as valid and trusted. thanks, --Barry John Laban wrote: > Thanks for the quick reply, but I'm still having some difficulty. > > I have been trying to connect to postgresql (redhat version 7.2.3.1) using > JDBC and SSL - I am using the 7.4 development driver. > > I know that the server side is set up correctly because when connecting > using psql the connection is established using SSL. > > > However when connecting via JDBC I receive > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204) > > ssl = true > > compatible = 7.4 > > loglevel = 2 > > Asking server if it supports ssl > > Server response was (S=Yes,N=No): S > > server does support ssl > > converting regular socket connection to ssl > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364) > > at > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > nection.java:269) > > at org.postgresql.Driver.connect(Driver.java:137) > > at java.sql.DriverManager.getConnection(DriverManager.java:512) > > at java.sql.DriverManager.getConnection(DriverManager.java:140) > > at docextractor.test.main(test.java:35) > > > Exception: An I/O error has occured while flushing the output - Exception: > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: Couldn't find trusted certificate > > Stack Trace: > > > > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: Couldn't find trusted certificate > > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > at > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) > > at > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) > > at org.postgresql.core.PGStream.flush(PGStream.java:360) > > at > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > nection.java:269) > > at org.postgresql.Driver.connect(Driver.java:137) > > at java.sql.DriverManager.getConnection(DriverManager.java:512) > > at java.sql.DriverManager.getConnection(DriverManager.java:140) > > at docextractor.test.main(test.java:35) > > > Caused by: java.security.cert.CertificateException: Couldn't find trusted > certificate > > > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) > > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > 275) > > at > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > 275) > > ... 15 more > > > End of Stack Trace > > > > > > At the server side I get > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown > (Success) > > > > > I have not been able to find any clear resolutions to this problem. If > someone can shed some light on a solution to this problem it would be > greatly appreciated. > > > > ----- Original Message ----- > From: "Barry Lind" <blind@xythos.com> > To: "John Laban" <johnl@infotn.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Thursday, March 27, 2003 5:58 PM > Subject: Re: [JDBC] JDBC with SSL > > > >>John, >> >>This hasn't yet made it to the documentation. >> >>but adding ?ssl to the url should be what you need. (also consider >>using &loglevel=2 to turn on debugging info). >> >>--Barry >> >>John Laban wrote: >> >>>Hello, >>> >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say > > they include support for SSL. I can set up the server to use SSL, but I > can't seem to get the JDBC driver to actually connect using SSL. Is there > any documentation on this? Or is there a specific parameter I am supposed > to include in the connection URL? > >>>Any help in this would be appreciated. >>> >>>John Laban >>> >> >> >>---------------------------(end of broadcast)--------------------------- >>TIP 5: Have you checked our extensive FAQ? >> >>http://www.postgresql.org/docs/faqs/FAQ.html > > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org >
Hello again, I have made numerous attempts to import the certificate from the server to the client machine using java keytool with no success - the keytool complains that the file is not a valid X.509 format. Additionally, for my application, only the encryption of the channel is important so if it is possible to create an ssl connection without the authentication portion that would be the best solution. However I would still appreciate any information on how to import the certificate (as generated using the Postgresql documention) into the java certificate store. ----- Original Message ----- From: "Barry Lind" <blind@xythos.com> To: "John Laban" <johnl@infotn.com> Cc: <pgsql-jdbc@postgresql.org> Sent: Friday, March 28, 2003 11:11 AM Subject: Re: [JDBC] JDBC with SSL > John, > > The error message indicates that your client doesn't trust the servers > certificate. My guess is that you are using a self-signed certificate > on the server. If you want to be able to connect you are going to need > to import that certificate into the client side java certificate store > so that it recognizes the self-signed certificate as valid and trusted. > > thanks, > --Barry > > > John Laban wrote: > > Thanks for the quick reply, but I'm still having some difficulty. > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1) using > > JDBC and SSL - I am using the 7.4 development driver. > > > > I know that the server side is set up correctly because when connecting > > using psql the connection is established using SSL. > > > > > > However when connecting via JDBC I receive > > > > > > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204) > > > > ssl = true > > > > compatible = 7.4 > > > > loglevel = 2 > > > > Asking server if it supports ssl > > > > Server response was (S=Yes,N=No): S > > > > server does support ssl > > > > converting regular socket connection to ssl > > > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364) > > > > at > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > nection.java:269) > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > at java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > at java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > at docextractor.test.main(test.java:35) > > > > > > Exception: An I/O error has occured while flushing the output - Exception: > > javax.net.ssl.SSLHandshakeException: > > java.security.cert.CertificateException: Couldn't find trusted certificate > > > > Stack Trace: > > > > > > > > javax.net.ssl.SSLHandshakeException: > > java.security.cert.CertificateException: Couldn't find trusted certificate > > > > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > at > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > > > at > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) > > > > at > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360) > > > > at > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > nection.java:269) > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > at java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > at java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > at docextractor.test.main(test.java:35) > > > > > > Caused by: java.security.cert.CertificateException: Couldn't find trusted > > certificate > > > > > > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) > > > > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > > 275) > > > > at > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > > 275) > > > > ... 15 more > > > > > > End of Stack Trace > > > > > > > > > > > > At the server side I get > > > > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown > > (Success) > > > > > > > > > > I have not been able to find any clear resolutions to this problem. If > > someone can shed some light on a solution to this problem it would be > > greatly appreciated. > > > > > > > > ----- Original Message ----- > > From: "Barry Lind" <blind@xythos.com> > > To: "John Laban" <johnl@infotn.com> > > Cc: <pgsql-jdbc@postgresql.org> > > Sent: Thursday, March 27, 2003 5:58 PM > > Subject: Re: [JDBC] JDBC with SSL > > > > > > > >>John, > >> > >>This hasn't yet made it to the documentation. > >> > >>but adding ?ssl to the url should be what you need. (also consider > >>using &loglevel=2 to turn on debugging info). > >> > >>--Barry > >> > >>John Laban wrote: > >> > >>>Hello, > >>> > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say > > > > they include support for SSL. I can set up the server to use SSL, but I > > can't seem to get the JDBC driver to actually connect using SSL. Is there > > any documentation on this? Or is there a specific parameter I am supposed > > to include in the connection URL? > > > >>>Any help in this would be appreciated. > >>> > >>>John Laban > >>> > >> > >> > >>---------------------------(end of broadcast)--------------------------- > >>TIP 5: Have you checked our extensive FAQ? > >> > >>http://www.postgresql.org/docs/faqs/FAQ.html > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org
You can set the security provider (or something similar, read the security docs) to your own implementation to permit any certificate. You can do this on app initialization. I did it once but forget how :D HTH, Csaba. On Fri, 2003-03-28 at 18:06, John Laban wrote: > Hello again, > > I have made numerous attempts to import the certificate from the server to > the client machine using java keytool with no success - the keytool > complains that the file is not a valid X.509 format. > > Additionally, for my application, only the encryption of the channel is > important so if it is possible to create an ssl connection without the > authentication portion that would be the best solution. > > > However I would still appreciate any information on how to import the > certificate (as generated using the Postgresql documention) into the java > certificate store. > > > > ----- Original Message ----- > From: "Barry Lind" <blind@xythos.com> > To: "John Laban" <johnl@infotn.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Friday, March 28, 2003 11:11 AM > Subject: Re: [JDBC] JDBC with SSL > > > > John, > > > > The error message indicates that your client doesn't trust the servers > > certificate. My guess is that you are using a self-signed certificate > > on the server. If you want to be able to connect you are going to need > > to import that certificate into the client side java certificate store > > so that it recognizes the self-signed certificate as valid and trusted. > > > > thanks, > > --Barry > > > > > > John Laban wrote: > > > Thanks for the quick reply, but I'm still having some difficulty. > > > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1) > using > > > JDBC and SSL - I am using the 7.4 development driver. > > > > > > I know that the server side is set up correctly because when connecting > > > using psql the connection is established using SSL. > > > > > > > > > However when connecting via JDBC I receive > > > > > > > > > > > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204) > > > > > > ssl = true > > > > > > compatible = 7.4 > > > > > > loglevel = 2 > > > > > > Asking server if it supports ssl > > > > > > Server response was (S=Yes,N=No): S > > > > > > server does support ssl > > > > > > converting regular socket connection to ssl > > > > > > > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364) > > > > > > at > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > nection.java:269) > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > Exception: An I/O error has occured while flushing the output - > Exception: > > > javax.net.ssl.SSLHandshakeException: > > > java.security.cert.CertificateException: Couldn't find trusted > certificate > > > > > > Stack Trace: > > > > > > > > > > > > javax.net.ssl.SSLHandshakeException: > > > java.security.cert.CertificateException: Couldn't find trusted > certificate > > > > > > at > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > > > > > at > > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) > > > > > > at > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360) > > > > > > at > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > nection.java:269) > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > Caused by: java.security.cert.CertificateException: Couldn't find > trusted > > > certificate > > > > > > > > > at > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) > > > > > > at > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > > > 275) > > > > > > at > > > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > > > 275) > > > > > > ... 15 more > > > > > > > > > End of Stack Trace > > > > > > > > > > > > > > > > > > At the server side I get > > > > > > > > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown > > > (Success) > > > > > > > > > > > > > > > I have not been able to find any clear resolutions to this problem. If > > > someone can shed some light on a solution to this problem it would be > > > greatly appreciated. > > > > > > > > > > > > ----- Original Message ----- > > > From: "Barry Lind" <blind@xythos.com> > > > To: "John Laban" <johnl@infotn.com> > > > Cc: <pgsql-jdbc@postgresql.org> > > > Sent: Thursday, March 27, 2003 5:58 PM > > > Subject: Re: [JDBC] JDBC with SSL > > > > > > > > > > > >>John, > > >> > > >>This hasn't yet made it to the documentation. > > >> > > >>but adding ?ssl to the url should be what you need. (also consider > > >>using &loglevel=2 to turn on debugging info). > > >> > > >>--Barry > > >> > > >>John Laban wrote: > > >> > > >>>Hello, > > >>> > > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) > say > > > > > > they include support for SSL. I can set up the server to use SSL, but I > > > can't seem to get the JDBC driver to actually connect using SSL. Is > there > > > any documentation on this? Or is there a specific parameter I am > supposed > > > to include in the connection URL? > > > > > >>>Any help in this would be appreciated. > > >>> > > >>>John Laban > > >>> > > >> > > >> > > >>---------------------------(end of broadcast)--------------------------- > > >>TIP 5: Have you checked our extensive FAQ? > > >> > > >>http://www.postgresql.org/docs/faqs/FAQ.html > > > > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 6: Have you searched our list archives? > > > > > > http://archives.postgresql.org > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster >
John, I have done this before, but I don't remember the exact steps. Java is very particular about the formats of certs it accepts. I ended up doing a google search and found some good instructions on how to get java to import an openssl created cert. Unfortunately I didn't keep those instructions. --Barry John Laban wrote: > Hello again, > > I have made numerous attempts to import the certificate from the server to > the client machine using java keytool with no success - the keytool > complains that the file is not a valid X.509 format. > > Additionally, for my application, only the encryption of the channel is > important so if it is possible to create an ssl connection without the > authentication portion that would be the best solution. > > > However I would still appreciate any information on how to import the > certificate (as generated using the Postgresql documention) into the java > certificate store. > > > > ----- Original Message ----- > From: "Barry Lind" <blind@xythos.com> > To: "John Laban" <johnl@infotn.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Friday, March 28, 2003 11:11 AM > Subject: Re: [JDBC] JDBC with SSL > > > >>John, >> >>The error message indicates that your client doesn't trust the servers >>certificate. My guess is that you are using a self-signed certificate >>on the server. If you want to be able to connect you are going to need >>to import that certificate into the client side java certificate store >>so that it recognizes the self-signed certificate as valid and trusted. >> >>thanks, >>--Barry >> >> >>John Laban wrote: >> >>>Thanks for the quick reply, but I'm still having some difficulty. >>> >>>I have been trying to connect to postgresql (redhat version 7.2.3.1) > > using > >>>JDBC and SSL - I am using the 7.4 development driver. >>> >>>I know that the server side is set up correctly because when connecting >>>using psql the connection is established using SSL. >>> >>> >>>However when connecting via JDBC I receive >>> >>> >>> >>> >>>PostgreSQL 7.4devel JDBC3 with SSL (build 204) >>> >>> ssl = true >>> >>> compatible = 7.4 >>> >>> loglevel = 2 >>> >>>Asking server if it supports ssl >>> >>>Server response was (S=Yes,N=No): S >>> >>>server does support ssl >>> >>>converting regular socket connection to ssl >>> >>> >>> >>> at org.postgresql.core.PGStream.flush(PGStream.java:364) >>> >>> at >>> > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > >>>nection.java:269) >>> >>> at org.postgresql.Driver.connect(Driver.java:137) >>> >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > >>> at docextractor.test.main(test.java:35) >>> >>> >>>Exception: An I/O error has occured while flushing the output - > > Exception: > >>>javax.net.ssl.SSLHandshakeException: >>>java.security.cert.CertificateException: Couldn't find trusted > > certificate > >>>Stack Trace: >>> >>> >>> >>>javax.net.ssl.SSLHandshakeException: >>>java.security.cert.CertificateException: Couldn't find trusted > > certificate > >>> at > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) >>> >>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) >>> >>> at >>>com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) >>> >>> at >>>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) >>> >>> at >>>java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) >>> >>> at org.postgresql.core.PGStream.flush(PGStream.java:360) >>> >>> at >>> > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > >>>nection.java:269) >>> >>> at org.postgresql.Driver.connect(Driver.java:137) >>> >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > >>> at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > >>> at docextractor.test.main(test.java:35) >>> >>> >>>Caused by: java.security.cert.CertificateException: Couldn't find > > trusted > >>>certificate >>> >>> >>> at >>>com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) >>> >>> at >>> > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > >>>275) >>> >>> at >>> > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > >>>275) >>> >>> ... 15 more >>> >>> >>>End of Stack Trace >>> >>> >>> >>> >>> >>>At the server side I get >>> >>> >>> >>>Failed to inititalize SSL Connection: sslv3 alert certificate unknown >>>(Success) >>> >>> >>> >>> >>>I have not been able to find any clear resolutions to this problem. If >>>someone can shed some light on a solution to this problem it would be >>>greatly appreciated. >>> >>> >>> >>>----- Original Message ----- >>>From: "Barry Lind" <blind@xythos.com> >>>To: "John Laban" <johnl@infotn.com> >>>Cc: <pgsql-jdbc@postgresql.org> >>>Sent: Thursday, March 27, 2003 5:58 PM >>>Subject: Re: [JDBC] JDBC with SSL >>> >>> >>> >>> >>>>John, >>>> >>>>This hasn't yet made it to the documentation. >>>> >>>>but adding ?ssl to the url should be what you need. (also consider >>>>using &loglevel=2 to turn on debugging info). >>>> >>>>--Barry >>>> >>>>John Laban wrote: >>>> >>>> >>>>>Hello, >>>>> >>>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) > > say > >>>they include support for SSL. I can set up the server to use SSL, but I >>>can't seem to get the JDBC driver to actually connect using SSL. Is > > there > >>>any documentation on this? Or is there a specific parameter I am > > supposed > >>>to include in the connection URL? >>> >>> >>>>>Any help in this would be appreciated. >>>>> >>>>>John Laban >>>>> >>>> >>>> >>>>---------------------------(end of broadcast)--------------------------- >>>>TIP 5: Have you checked our extensive FAQ? >>>> >>>>http://www.postgresql.org/docs/faqs/FAQ.html >>> >>> >>> >>>---------------------------(end of broadcast)--------------------------- >>>TIP 6: Have you searched our list archives? >>> >>>http://archives.postgresql.org >>> >> >> >>---------------------------(end of broadcast)--------------------------- >>TIP 6: Have you searched our list archives? >> >>http://archives.postgresql.org > > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster >
Hi John, try this one (i hope it works) 1. open the certificate in a text editor 2. look for the line starting like this: ------ BEGIN CERTIFICATE ... 3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE and ---- END CERTIFICATE lines) and copy it into the file cert2.crt 4. run: $ keytool -import -alias alias_name -file cert2.crt 5. answer all questions and say that you trust this cert If you were successful can you tell me about your config? I use jdk1.3.0_02 and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as follows:"FATAL: failed to initialize SSL connection: wrong version number". I see the next in the server's log file: "FATAL: failed to initialize SSL connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error: Connection reset by peer" If i change the next line in the back and code : SSL_context=SSL_CTX_new(TLSv1_method()) to SSL_context=SSL_CTX_new(SSLv23_method()) and initialize the factory in the jdbc driver by using SSLv23 then everything is ok. why? regards / Istvan Nagy ----- Original Message ----- From: John Laban <johnl@infotn.com> To: Barry Lind <blind@xythos.com> Cc: <pgsql-jdbc@postgresql.org> Sent: Friday, March 28, 2003 6:06 PM Subject: Re: [JDBC] JDBC with SSL > Hello again, > > I have made numerous attempts to import the certificate from the server to > the client machine using java keytool with no success - the keytool > complains that the file is not a valid X.509 format. > > Additionally, for my application, only the encryption of the channel is > important so if it is possible to create an ssl connection without the > authentication portion that would be the best solution. > > > However I would still appreciate any information on how to import the > certificate (as generated using the Postgresql documention) into the java > certificate store. > > > > ----- Original Message ----- > From: "Barry Lind" <blind@xythos.com> > To: "John Laban" <johnl@infotn.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Friday, March 28, 2003 11:11 AM > Subject: Re: [JDBC] JDBC with SSL > > > > John, > > > > The error message indicates that your client doesn't trust the servers > > certificate. My guess is that you are using a self-signed certificate > > on the server. If you want to be able to connect you are going to need > > to import that certificate into the client side java certificate store > > so that it recognizes the self-signed certificate as valid and trusted. > > > > thanks, > > --Barry > > > > > > John Laban wrote: > > > Thanks for the quick reply, but I'm still having some difficulty. > > > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1) > using > > > JDBC and SSL - I am using the 7.4 development driver. > > > > > > I know that the server side is set up correctly because when connecting > > > using psql the connection is established using SSL. > > > > > > > > > However when connecting via JDBC I receive > > > > > > > > > > > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204) > > > > > > ssl = true > > > > > > compatible = 7.4 > > > > > > loglevel = 2 > > > > > > Asking server if it supports ssl > > > > > > Server response was (S=Yes,N=No): S > > > > > > server does support ssl > > > > > > converting regular socket connection to ssl > > > > > > > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364) > > > > > > at > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > nection.java:269) > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > Exception: An I/O error has occured while flushing the output - > Exception: > > > javax.net.ssl.SSLHandshakeException: > > > java.security.cert.CertificateException: Couldn't find trusted > certificate > > > > > > Stack Trace: > > > > > > > > > > > > javax.net.ssl.SSLHandshakeException: > > > java.security.cert.CertificateException: Couldn't find trusted > certificate > > > > > > at > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > > > > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > at > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > > > > > at > > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) > > > > > > at > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360) > > > > > > at > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > nection.java:269) > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > at > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > Caused by: java.security.cert.CertificateException: Couldn't find > trusted > > > certificate > > > > > > > > > at > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) > > > > > > at > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > > > 275) > > > > > > at > > > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > > > 275) > > > > > > ... 15 more > > > > > > > > > End of Stack Trace > > > > > > > > > > > > > > > > > > At the server side I get > > > > > > > > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown > > > (Success) > > > > > > > > > > > > > > > I have not been able to find any clear resolutions to this problem. If > > > someone can shed some light on a solution to this problem it would be > > > greatly appreciated. > > > > > > > > > > > > ----- Original Message ----- > > > From: "Barry Lind" <blind@xythos.com> > > > To: "John Laban" <johnl@infotn.com> > > > Cc: <pgsql-jdbc@postgresql.org> > > > Sent: Thursday, March 27, 2003 5:58 PM > > > Subject: Re: [JDBC] JDBC with SSL > > > > > > > > > > > >>John, > > >> > > >>This hasn't yet made it to the documentation. > > >> > > >>but adding ?ssl to the url should be what you need. (also consider > > >>using &loglevel=2 to turn on debugging info). > > >> > > >>--Barry > > >> > > >>John Laban wrote: > > >> > > >>>Hello, > > >>> > > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) > say > > > > > > they include support for SSL. I can set up the server to use SSL, but I > > > can't seem to get the JDBC driver to actually connect using SSL. Is > there > > > any documentation on this? Or is there a specific parameter I am > supposed > > > to include in the connection URL? > > > > > >>>Any help in this would be appreciated. > > >>> > > >>>John Laban > > >>> > > >> > > >> > > >>---------------------------(end of broadcast)--------------------------- > > >>TIP 5: Have you checked our extensive FAQ? > > >> > > >>http://www.postgresql.org/docs/faqs/FAQ.html > > > > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 6: Have you searched our list archives? > > > > > > http://archives.postgresql.org > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster >
Thanks for the tip, but sorry, no luck. As for us, we're going to try modifiying the driver to use a custom SSLSocketFactory that won't care about the authentication procedure. Thanks, John Laban ----- Original Message ----- From: "Nagy Istvan" <nistvan@ecity.agria.hu> To: "John Laban" <johnl@infotn.com> Cc: <pgsql-jdbc@postgresql.org> Sent: Friday, March 28, 2003 2:07 PM Subject: Re: [JDBC] JDBC with SSL > Hi John, > > try this one (i hope it works) > > 1. open the certificate in a text editor > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ... > 3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt > 4. run: $ keytool -import -alias alias_name -file cert2.crt > 5. answer all questions and say that you trust this cert > > If you were successful can you tell me about your config? I use jdk1.3.0_02 > and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as > follows:"FATAL: failed to initialize SSL connection: wrong version number". > I see the next in the server's log file: "FATAL: failed to initialize SSL > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error: > Connection reset by peer" > > If i change the next line in the back and code : > SSL_context=SSL_CTX_new(TLSv1_method()) to > SSL_context=SSL_CTX_new(SSLv23_method()) and > initialize the factory in the jdbc driver by using SSLv23 then > everything is ok. > > why? > > regards / Istvan Nagy > > ----- Original Message ----- > From: John Laban <johnl@infotn.com> > To: Barry Lind <blind@xythos.com> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Friday, March 28, 2003 6:06 PM > Subject: Re: [JDBC] JDBC with SSL > > > > Hello again, > > > > I have made numerous attempts to import the certificate from the server to > > the client machine using java keytool with no success - the keytool > > complains that the file is not a valid X.509 format. > > > > Additionally, for my application, only the encryption of the channel is > > important so if it is possible to create an ssl connection without the > > authentication portion that would be the best solution. > > > > > > However I would still appreciate any information on how to import the > > certificate (as generated using the Postgresql documention) into the java > > certificate store. > > > > > > > > ----- Original Message ----- > > From: "Barry Lind" <blind@xythos.com> > > To: "John Laban" <johnl@infotn.com> > > Cc: <pgsql-jdbc@postgresql.org> > > Sent: Friday, March 28, 2003 11:11 AM > > Subject: Re: [JDBC] JDBC with SSL > > > > > > > John, > > > > > > The error message indicates that your client doesn't trust the servers > > > certificate. My guess is that you are using a self-signed certificate > > > on the server. If you want to be able to connect you are going to need > > > to import that certificate into the client side java certificate store > > > so that it recognizes the self-signed certificate as valid and trusted. > > > > > > thanks, > > > --Barry > > > > > > > > > John Laban wrote: > > > > Thanks for the quick reply, but I'm still having some difficulty. > > > > > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1) > > using > > > > JDBC and SSL - I am using the 7.4 development driver. > > > > > > > > I know that the server side is set up correctly because when > connecting > > > > using psql the connection is established using SSL. > > > > > > > > > > > > However when connecting via JDBC I receive > > > > > > > > > > > > > > > > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204) > > > > > > > > ssl = true > > > > > > > > compatible = 7.4 > > > > > > > > loglevel = 2 > > > > > > > > Asking server if it supports ssl > > > > > > > > Server response was (S=Yes,N=No): S > > > > > > > > server does support ssl > > > > > > > > converting regular socket connection to ssl > > > > > > > > > > > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364) > > > > > > > > at > > > > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > > nection.java:269) > > > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > > > at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > > > at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > > > > Exception: An I/O error has occured while flushing the output - > > Exception: > > > > javax.net.ssl.SSLHandshakeException: > > > > java.security.cert.CertificateException: Couldn't find trusted > > certificate > > > > > > > > Stack Trace: > > > > > > > > > > > > > > > > javax.net.ssl.SSLHandshakeException: > > > > java.security.cert.CertificateException: Couldn't find trusted > > certificate > > > > > > > > at > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > > > > > > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > > > > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > > > > > > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > > > > > > > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > > > > > > > at > > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > > > > > > > at > > > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) > > > > > > > > at > > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127) > > > > > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360) > > > > > > > > at > > > > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con > > > > nection.java:269) > > > > > > > > at org.postgresql.Driver.connect(Driver.java:137) > > > > > > > > at > > java.sql.DriverManager.getConnection(DriverManager.java:512) > > > > > > > > at > > java.sql.DriverManager.getConnection(DriverManager.java:140) > > > > > > > > at docextractor.test.main(test.java:35) > > > > > > > > > > > > Caused by: java.security.cert.CertificateException: Couldn't find > > trusted > > > > certificate > > > > > > > > > > > > at > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) > > > > > > > > at > > > > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6 > > > > 275) > > > > > > > > at > > > > > > > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6 > > > > 275) > > > > > > > > ... 15 more > > > > > > > > > > > > End of Stack Trace > > > > > > > > > > > > > > > > > > > > > > > > At the server side I get > > > > > > > > > > > > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown > > > > (Success) > > > > > > > > > > > > > > > > > > > > I have not been able to find any clear resolutions to this problem. If > > > > someone can shed some light on a solution to this problem it would be > > > > greatly appreciated. > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Barry Lind" <blind@xythos.com> > > > > To: "John Laban" <johnl@infotn.com> > > > > Cc: <pgsql-jdbc@postgresql.org> > > > > Sent: Thursday, March 27, 2003 5:58 PM > > > > Subject: Re: [JDBC] JDBC with SSL > > > > > > > > > > > > > > > >>John, > > > >> > > > >>This hasn't yet made it to the documentation. > > > >> > > > >>but adding ?ssl to the url should be what you need. (also consider > > > >>using &loglevel=2 to turn on debugging info). > > > >> > > > >>--Barry > > > >> > > > >>John Laban wrote: > > > >> > > > >>>Hello, > > > >>> > > > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) > > say > > > > > > > > they include support for SSL. I can set up the server to use SSL, but > I > > > > can't seem to get the JDBC driver to actually connect using SSL. Is > > there > > > > any documentation on this? Or is there a specific parameter I am > > supposed > > > > to include in the connection URL? > > > > > > > >>>Any help in this would be appreciated. > > > >>> > > > >>>John Laban > > > >>> > > > >> > > > >> > > > >>---------------------------(end of > broadcast)--------------------------- > > > >>TIP 5: Have you checked our extensive FAQ? > > > >> > > > >>http://www.postgresql.org/docs/faqs/FAQ.html > > > > > > > > > > > > > > > > ---------------------------(end of > broadcast)--------------------------- > > > > TIP 6: Have you searched our list archives? > > > > > > > > http://archives.postgresql.org > > > > > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 6: Have you searched our list archives? > > > > > > http://archives.postgresql.org > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 4: Don't 'kill -9' the postmaster > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org
The following piece of code did it for us (I've found it):
static {
// add support for https and the like
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(
null,
new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public boolean isClientTrusted(X509Certificate[]
x509Certificates) {
return true;
}
public boolean isServerTrusted(X509Certificate[]
x509Certificates) {
return true;
}
}
},
null
);
HTTPConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
} catch (Exception e) {
System.out.println("Failed to set SSL socket factory for
HTTPClient. There might be problems with https.");
}
}
HTH,
CSaba.
On Fri, 2003-03-28 at 21:08, John Laban wrote:
> Thanks for the tip, but sorry, no luck.
>
> As for us, we're going to try modifiying the driver to use a custom
> SSLSocketFactory that won't care about the authentication procedure.
>
> Thanks,
> John Laban
>
>
> ----- Original Message -----
> From: "Nagy Istvan" <nistvan@ecity.agria.hu>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 2:07 PM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > Hi John,
> >
> > try this one (i hope it works)
> >
> > 1. open the certificate in a text editor
> > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> > 3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE
> > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> > 4. run: $ keytool -import -alias alias_name -file cert2.crt
> > 5. answer all questions and say that you trust this cert
> >
> > If you were successful can you tell me about your config? I use
> jdk1.3.0_02
> > and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as
> > follows:"FATAL: failed to initialize SSL connection: wrong version
> number".
> > I see the next in the server's log file: "FATAL: failed to initialize SSL
> > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error:
> > Connection reset by peer"
> >
> > If i change the next line in the back and code :
> > SSL_context=SSL_CTX_new(TLSv1_method()) to
> > SSL_context=SSL_CTX_new(SSLv23_method()) and
> > initialize the factory in the jdbc driver by using SSLv23 then
> > everything is ok.
> >
> > why?
> >
> > regards / Istvan Nagy
> >
> > ----- Original Message -----
> > From: John Laban <johnl@infotn.com>
> > To: Barry Lind <blind@xythos.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Friday, March 28, 2003 6:06 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > Hello again,
> > >
> > > I have made numerous attempts to import the certificate from the server
> to
> > > the client machine using java keytool with no success - the keytool
> > > complains that the file is not a valid X.509 format.
> > >
> > > Additionally, for my application, only the encryption of the channel is
> > > important so if it is possible to create an ssl connection without the
> > > authentication portion that would be the best solution.
> > >
> > >
> > > However I would still appreciate any information on how to import the
> > > certificate (as generated using the Postgresql documention) into the
> java
> > > certificate store.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Barry Lind" <blind@xythos.com>
> > > To: "John Laban" <johnl@infotn.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Friday, March 28, 2003 11:11 AM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > > > John,
> > > >
> > > > The error message indicates that your client doesn't trust the servers
> > > > certificate. My guess is that you are using a self-signed certificate
> > > > on the server. If you want to be able to connect you are going to
> need
> > > > to import that certificate into the client side java certificate store
> > > > so that it recognizes the self-signed certificate as valid and
> trusted.
> > > >
> > > > thanks,
> > > > --Barry
> > > >
> > > >
> > > > John Laban wrote:
> > > > > Thanks for the quick reply, but I'm still having some difficulty.
> > > > >
> > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> > > using
> > > > > JDBC and SSL - I am using the 7.4 development driver.
> > > > >
> > > > > I know that the server side is set up correctly because when
> > connecting
> > > > > using psql the connection is established using SSL.
> > > > >
> > > > >
> > > > > However when connecting via JDBC I receive
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > > >
> > > > > ssl = true
> > > > >
> > > > > compatible = 7.4
> > > > >
> > > > > loglevel = 2
> > > > >
> > > > > Asking server if it supports ssl
> > > > >
> > > > > Server response was (S=Yes,N=No): S
> > > > >
> > > > > server does support ssl
> > > > >
> > > > > converting regular socket connection to ssl
> > > > >
> > > > >
> > > > >
> > > > > at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > > >
> > > > > at
> > > > >
> > >
> >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > nection.java:269)
> > > > >
> > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > >
> > > > > at
> > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > >
> > > > > at
> > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > >
> > > > > at docextractor.test.main(test.java:35)
> > > > >
> > > > >
> > > > > Exception: An I/O error has occured while flushing the output -
> > > Exception:
> > > > > javax.net.ssl.SSLHandshakeException:
> > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > certificate
> > > > >
> > > > > Stack Trace:
> > > > >
> > > > >
> > > > >
> > > > > javax.net.ssl.SSLHandshakeException:
> > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > certificate
> > > > >
> > > > > at
> > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > > >
> > > > > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > >
> > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > >
> > > > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > > >
> > > > > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > > >
> > > > > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > > at
> > > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > > >
> > > > > at
> > > > >
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > > >
> > > > > at
> > > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > > >
> > > > > at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > > >
> > > > > at
> > > > >
> > >
> >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > nection.java:269)
> > > > >
> > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > >
> > > > > at
> > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > >
> > > > > at
> > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > >
> > > > > at docextractor.test.main(test.java:35)
> > > > >
> > > > >
> > > > > Caused by: java.security.cert.CertificateException: Couldn't find
> > > trusted
> > > > > certificate
> > > > >
> > > > >
> > > > > at
> > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > > >
> > > > > at
> > > > >
> > >
> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > > > 275)
> > > > >
> > > > > at
> > > > >
> > >
> >
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > > > 275)
> > > > >
> > > > > ... 15 more
> > > > >
> > > > >
> > > > > End of Stack Trace
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > At the server side I get
> > > > >
> > > > >
> > > > >
> > > > > Failed to inititalize SSL Connection: sslv3 alert certificate
> unknown
> > > > > (Success)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > I have not been able to find any clear resolutions to this problem.
> If
> > > > > someone can shed some light on a solution to this problem it would
> be
> > > > > greatly appreciated.
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Barry Lind" <blind@xythos.com>
> > > > > To: "John Laban" <johnl@infotn.com>
> > > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > > Subject: Re: [JDBC] JDBC with SSL
> > > > >
> > > > >
> > > > >
> > > > >>John,
> > > > >>
> > > > >>This hasn't yet made it to the documentation.
> > > > >>
> > > > >>but adding ?ssl to the url should be what you need. (also consider
> > > > >>using &loglevel=2 to turn on debugging info).
> > > > >>
> > > > >>--Barry
> > > > >>
> > > > >>John Laban wrote:
> > > > >>
> > > > >>>Hello,
> > > > >>>
> > > > >>>The newest developement JDBC drivers (7.4dev, build 204,
> 2003-03-23)
> > > say
> > > > >
> > > > > they include support for SSL. I can set up the server to use SSL,
> but
> > I
> > > > > can't seem to get the JDBC driver to actually connect using SSL. Is
> > > there
> > > > > any documentation on this? Or is there a specific parameter I am
> > > supposed
> > > > > to include in the connection URL?
> > > > >
> > > > >>>Any help in this would be appreciated.
> > > > >>>
> > > > >>>John Laban
> > > > >>>
> > > > >>
> > > > >>
> > > > >>---------------------------(end of
> > broadcast)---------------------------
> > > > >>TIP 5: Have you checked our extensive FAQ?
> > > > >>
> > > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > > >
> > > >
> > > >
> > > > ---------------------------(end of
> broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>
That is exactly what we did Friday afternoon, and it works great.
Thanks,
John
----- Original Message -----
From: "Csaba Nagy" <nagy@ecircle-ag.com>
To: "John Laban" <johnl@infotn.com>
Cc: "Nagy Istvan" <nistvan@ecity.agria.hu>; "Postgres JDBC"
<pgsql-jdbc@postgresql.org>
Sent: Monday, March 31, 2003 3:29 AM
Subject: Re: [JDBC] JDBC with SSL
> The following piece of code did it for us (I've found it):
>
> static {
> // add support for https and the like
> System.setProperty("java.protocol.handler.pkgs",
> "com.sun.net.ssl.internal.www.protocol");
> Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
>
> try {
> SSLContext ctx = SSLContext.getInstance("TLS");
> ctx.init(
> null,
> new TrustManager[] {
> new X509TrustManager() {
> public X509Certificate[] getAcceptedIssuers() {
> return new X509Certificate[0];
> }
>
> public boolean isClientTrusted(X509Certificate[]
> x509Certificates) {
> return true;
> }
>
> public boolean isServerTrusted(X509Certificate[]
> x509Certificates) {
> return true;
> }
> }
> },
> null
> );
>
>
> HTTPConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
> } catch (Exception e) {
> System.out.println("Failed to set SSL socket factory for
> HTTPClient. There might be problems with https.");
> }
>
> }
>
> HTH,
> CSaba.
>
>
> On Fri, 2003-03-28 at 21:08, John Laban wrote:
> > Thanks for the tip, but sorry, no luck.
> >
> > As for us, we're going to try modifiying the driver to use a custom
> > SSLSocketFactory that won't care about the authentication procedure.
> >
> > Thanks,
> > John Laban
> >
> >
> > ----- Original Message -----
> > From: "Nagy Istvan" <nistvan@ecity.agria.hu>
> > To: "John Laban" <johnl@infotn.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Friday, March 28, 2003 2:07 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > Hi John,
> > >
> > > try this one (i hope it works)
> > >
> > > 1. open the certificate in a text editor
> > > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> > > 3. cut the closing section of the file ( incl. the ---- BEGIN
CERTIFICATE
> > > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> > > 4. run: $ keytool -import -alias alias_name -file cert2.crt
> > > 5. answer all questions and say that you trust this cert
> > >
> > > If you were successful can you tell me about your config? I use
> > jdk1.3.0_02
> > > and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer
as
> > > follows:"FATAL: failed to initialize SSL connection: wrong version
> > number".
> > > I see the next in the server's log file: "FATAL: failed to initialize
SSL
> > > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL
error:
> > > Connection reset by peer"
> > >
> > > If i change the next line in the back and code :
> > > SSL_context=SSL_CTX_new(TLSv1_method()) to
> > > SSL_context=SSL_CTX_new(SSLv23_method()) and
> > > initialize the factory in the jdbc driver by using SSLv23 then
> > > everything is ok.
> > >
> > > why?
> > >
> > > regards / Istvan Nagy
> > >
> > > ----- Original Message -----
> > > From: John Laban <johnl@infotn.com>
> > > To: Barry Lind <blind@xythos.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Friday, March 28, 2003 6:06 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > > > Hello again,
> > > >
> > > > I have made numerous attempts to import the certificate from the
server
> > to
> > > > the client machine using java keytool with no success - the keytool
> > > > complains that the file is not a valid X.509 format.
> > > >
> > > > Additionally, for my application, only the encryption of the channel
is
> > > > important so if it is possible to create an ssl connection without
the
> > > > authentication portion that would be the best solution.
> > > >
> > > >
> > > > However I would still appreciate any information on how to import
the
> > > > certificate (as generated using the Postgresql documention) into the
> > java
> > > > certificate store.
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Barry Lind" <blind@xythos.com>
> > > > To: "John Laban" <johnl@infotn.com>
> > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > Sent: Friday, March 28, 2003 11:11 AM
> > > > Subject: Re: [JDBC] JDBC with SSL
> > > >
> > > >
> > > > > John,
> > > > >
> > > > > The error message indicates that your client doesn't trust the
servers
> > > > > certificate. My guess is that you are using a self-signed
certificate
> > > > > on the server. If you want to be able to connect you are going to
> > need
> > > > > to import that certificate into the client side java certificate
store
> > > > > so that it recognizes the self-signed certificate as valid and
> > trusted.
> > > > >
> > > > > thanks,
> > > > > --Barry
> > > > >
> > > > >
> > > > > John Laban wrote:
> > > > > > Thanks for the quick reply, but I'm still having some
difficulty.
> > > > > >
> > > > > > I have been trying to connect to postgresql (redhat version
7.2.3.1)
> > > > using
> > > > > > JDBC and SSL - I am using the 7.4 development driver.
> > > > > >
> > > > > > I know that the server side is set up correctly because when
> > > connecting
> > > > > > using psql the connection is established using SSL.
> > > > > >
> > > > > >
> > > > > > However when connecting via JDBC I receive
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > > > >
> > > > > > ssl = true
> > > > > >
> > > > > > compatible = 7.4
> > > > > >
> > > > > > loglevel = 2
> > > > > >
> > > > > > Asking server if it supports ssl
> > > > > >
> > > > > > Server response was (S=Yes,N=No): S
> > > > > >
> > > > > > server does support ssl
> > > > > >
> > > > > > converting regular socket connection to ssl
> > > > > >
> > > > > >
> > > > > >
> > > > > > at
org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > > > >
> > > > > > at
> > > > > >
> > > >
> > >
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > > nection.java:269)
> > > > > >
> > > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > > >
> > > > > > at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > >
> > > > > > at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > >
> > > > > > at docextractor.test.main(test.java:35)
> > > > > >
> > > > > >
> > > > > > Exception: An I/O error has occured while flushing the output -
> > > > Exception:
> > > > > > javax.net.ssl.SSLHandshakeException:
> > > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > > certificate
> > > > > >
> > > > > > Stack Trace:
> > > > > >
> > > > > >
> > > > > >
> > > > > > javax.net.ssl.SSLHandshakeException:
> > > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > > certificate
> > > > > >
> > > > > > at
> > > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > > at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > > at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > > at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > >
> > > > > > at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > >
> > > > > > at
com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > > > >
> > > > > > at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > > at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > > > >
> > > > > > at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > > at
> > > > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > > > >
> > > > > > at
> > > > > >
> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > > > >
> > > > > > at
> > > > > >
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > > > >
> > > > > > at
org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > > > >
> > > > > > at
> > > > > >
> > > >
> > >
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > > nection.java:269)
> > > > > >
> > > > > > at org.postgresql.Driver.connect(Driver.java:137)
> > > > > >
> > > > > > at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > >
> > > > > > at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > >
> > > > > > at docextractor.test.main(test.java:35)
> > > > > >
> > > > > >
> > > > > > Caused by: java.security.cert.CertificateException: Couldn't
find
> > > > trusted
> > > > > > certificate
> > > > > >
> > > > > >
> > > > > > at
> > > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > > > >
> > > > > > at
> > > > > >
> > > >
> > >
> >
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > > > > 275)
> > > > > >
> > > > > > at
> > > > > >
> > > >
> > >
> >
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > > > > 275)
> > > > > >
> > > > > > ... 15 more
> > > > > >
> > > > > >
> > > > > > End of Stack Trace
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > At the server side I get
> > > > > >
> > > > > >
> > > > > >
> > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate
> > unknown
> > > > > > (Success)
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > I have not been able to find any clear resolutions to this
problem.
> > If
> > > > > > someone can shed some light on a solution to this problem it
would
> > be
> > > > > > greatly appreciated.
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Barry Lind" <blind@xythos.com>
> > > > > > To: "John Laban" <johnl@infotn.com>
> > > > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > > > Subject: Re: [JDBC] JDBC with SSL
> > > > > >
> > > > > >
> > > > > >
> > > > > >>John,
> > > > > >>
> > > > > >>This hasn't yet made it to the documentation.
> > > > > >>
> > > > > >>but adding ?ssl to the url should be what you need. (also
consider
> > > > > >>using &loglevel=2 to turn on debugging info).
> > > > > >>
> > > > > >>--Barry
> > > > > >>
> > > > > >>John Laban wrote:
> > > > > >>
> > > > > >>>Hello,
> > > > > >>>
> > > > > >>>The newest developement JDBC drivers (7.4dev, build 204,
> > 2003-03-23)
> > > > say
> > > > > >
> > > > > > they include support for SSL. I can set up the server to use
SSL,
> > but
> > > I
> > > > > > can't seem to get the JDBC driver to actually connect using SSL.
Is
> > > > there
> > > > > > any documentation on this? Or is there a specific parameter I
am
> > > > supposed
> > > > > > to include in the connection URL?
> > > > > >
> > > > > >>>Any help in this would be appreciated.
> > > > > >>>
> > > > > >>>John Laban
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >>---------------------------(end of
> > > broadcast)---------------------------
> > > > > >>TIP 5: Have you checked our extensive FAQ?
> > > > > >>
> > > > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > > > >
> > > > > >
> > > > > >
> > > > > > ---------------------------(end of
> > > broadcast)---------------------------
> > > > > > TIP 6: Have you searched our list archives?
> > > > > >
> > > > > > http://archives.postgresql.org
> > > > > >
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > >
> > > >
> > > > ---------------------------(end of
broadcast)---------------------------
> > > > TIP 4: Don't 'kill -9' the postmaster
> > > >
> > >
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
> >
>