Thread: JDBC with SSL

JDBC with SSL

From
"John Laban"
Date:
Hello,
 
The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say they include support for SSL.  I can set up the server to use SSL, but I can't seem to get the JDBC driver to actually connect using SSL.  Is there any documentation on this?  Or is there a specific parameter I am supposed to include in the connection URL?
 
Any help in this would be appreciated.
 
John Laban

Re: JDBC with SSL

From
Barry Lind
Date:
John,

This hasn't yet made it to the documentation.

but adding ?ssl to the url should be what you need.  (also consider
using &loglevel=2 to turn on debugging info).

--Barry

John Laban wrote:
> Hello,
>
> The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say they include support for SSL.  I can set up
theserver to use SSL, but I can't seem to get the JDBC driver to actually connect using SSL.  Is there any
documentationon this?  Or is there a specific parameter I am supposed to include in the connection URL? 
>
> Any help in this would be appreciated.
>
> John Laban
>


Re: JDBC with SSL

From
"John Laban"
Date:
Thanks for the quick reply, but I'm still having some difficulty.

I have been trying to connect to postgresql (redhat version 7.2.3.1) using
JDBC and SSL - I am using the 7.4 development driver.

I know that the server side is set up correctly because when connecting
using psql the connection is established using SSL.


However when connecting via JDBC I receive




PostgreSQL 7.4devel JDBC3 with SSL (build 204)

    ssl = true

    compatible = 7.4

    loglevel = 2

Asking server if it supports ssl

Server response was (S=Yes,N=No): S

server does support ssl

converting regular socket connection to ssl



            at org.postgresql.core.PGStream.flush(PGStream.java:364)

            at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)

            at org.postgresql.Driver.connect(Driver.java:137)

            at java.sql.DriverManager.getConnection(DriverManager.java:512)

            at java.sql.DriverManager.getConnection(DriverManager.java:140)

            at docextractor.test.main(test.java:35)


Exception: An I/O error has occured while flushing the output - Exception:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate

Stack Trace:



javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate

            at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)

            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

            at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)

            at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)

            at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)

            at org.postgresql.core.PGStream.flush(PGStream.java:360)

            at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)

            at org.postgresql.Driver.connect(Driver.java:137)

            at java.sql.DriverManager.getConnection(DriverManager.java:512)

            at java.sql.DriverManager.getConnection(DriverManager.java:140)

            at docextractor.test.main(test.java:35)


Caused by: java.security.cert.CertificateException: Couldn't find trusted
certificate


            at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)

            at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
275)

            at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
275)

            ... 15 more


End of Stack Trace





At the server side I get



Failed to inititalize SSL Connection: sslv3 alert certificate unknown
(Success)




I have not been able to find any clear resolutions to this problem. If
someone can shed some light on a solution to this problem it would be
greatly appreciated.



----- Original Message -----
From: "Barry Lind" <blind@xythos.com>
To: "John Laban" <johnl@infotn.com>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Thursday, March 27, 2003 5:58 PM
Subject: Re: [JDBC] JDBC with SSL


> John,
>
> This hasn't yet made it to the documentation.
>
> but adding ?ssl to the url should be what you need.  (also consider
> using &loglevel=2 to turn on debugging info).
>
> --Barry
>
> John Laban wrote:
> > Hello,
> >
> > The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say
they include support for SSL.  I can set up the server to use SSL, but I
can't seem to get the JDBC driver to actually connect using SSL.  Is there
any documentation on this?  Or is there a specific parameter I am supposed
to include in the connection URL?
> >
> > Any help in this would be appreciated.
> >
> > John Laban
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html


Re: JDBC with SSL

From
Barry Lind
Date:
John,

The error message indicates that your client doesn't trust the servers
certificate.  My guess is that you are using a self-signed certificate
on the server.  If you want to be able to connect you are going to need
to import that certificate into the client side java certificate store
so that it recognizes the self-signed certificate as valid and trusted.

thanks,
--Barry


John Laban wrote:
> Thanks for the quick reply, but I'm still having some difficulty.
>
> I have been trying to connect to postgresql (redhat version 7.2.3.1) using
> JDBC and SSL - I am using the 7.4 development driver.
>
> I know that the server side is set up correctly because when connecting
> using psql the connection is established using SSL.
>
>
> However when connecting via JDBC I receive
>
>
>
>
> PostgreSQL 7.4devel JDBC3 with SSL (build 204)
>
>     ssl = true
>
>     compatible = 7.4
>
>     loglevel = 2
>
> Asking server if it supports ssl
>
> Server response was (S=Yes,N=No): S
>
> server does support ssl
>
> converting regular socket connection to ssl
>
>
>
>             at org.postgresql.core.PGStream.flush(PGStream.java:364)
>
>             at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> nection.java:269)
>
>             at org.postgresql.Driver.connect(Driver.java:137)
>
>             at java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>             at java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>             at docextractor.test.main(test.java:35)
>
>
> Exception: An I/O error has occured while flushing the output - Exception:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted certificate
>
> Stack Trace:
>
>
>
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted certificate
>
>             at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>
>             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
>             at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>
>             at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
>
>             at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
>
>             at org.postgresql.core.PGStream.flush(PGStream.java:360)
>
>             at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> nection.java:269)
>
>             at org.postgresql.Driver.connect(Driver.java:137)
>
>             at java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>             at java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>             at docextractor.test.main(test.java:35)
>
>
> Caused by: java.security.cert.CertificateException: Couldn't find trusted
> certificate
>
>
>             at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
>
>             at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> 275)
>
>             at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> 275)
>
>             ... 15 more
>
>
> End of Stack Trace
>
>
>
>
>
> At the server side I get
>
>
>
> Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> (Success)
>
>
>
>
> I have not been able to find any clear resolutions to this problem. If
> someone can shed some light on a solution to this problem it would be
> greatly appreciated.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind@xythos.com>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Thursday, March 27, 2003 5:58 PM
> Subject: Re: [JDBC] JDBC with SSL
>
>
>
>>John,
>>
>>This hasn't yet made it to the documentation.
>>
>>but adding ?ssl to the url should be what you need.  (also consider
>>using &loglevel=2 to turn on debugging info).
>>
>>--Barry
>>
>>John Laban wrote:
>>
>>>Hello,
>>>
>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say
>
> they include support for SSL.  I can set up the server to use SSL, but I
> can't seem to get the JDBC driver to actually connect using SSL.  Is there
> any documentation on this?  Or is there a specific parameter I am supposed
> to include in the connection URL?
>
>>>Any help in this would be appreciated.
>>>
>>>John Laban
>>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>>http://www.postgresql.org/docs/faqs/FAQ.html
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>


Re: JDBC with SSL

From
"John Laban"
Date:
Hello again,

I have made numerous attempts to import the certificate from the server to
the client machine using java keytool with no success - the keytool
complains that the file is not a valid X.509 format.

Additionally, for my application, only the encryption of the channel is
important so if it is possible to create an ssl connection without the
authentication portion that would be the best solution.


However I would still appreciate any information on how to import the
certificate (as generated using the Postgresql documention) into the java
certificate store.



----- Original Message -----
From: "Barry Lind" <blind@xythos.com>
To: "John Laban" <johnl@infotn.com>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Friday, March 28, 2003 11:11 AM
Subject: Re: [JDBC] JDBC with SSL


> John,
>
> The error message indicates that your client doesn't trust the servers
> certificate.  My guess is that you are using a self-signed certificate
> on the server.  If you want to be able to connect you are going to need
> to import that certificate into the client side java certificate store
> so that it recognizes the self-signed certificate as valid and trusted.
>
> thanks,
> --Barry
>
>
> John Laban wrote:
> > Thanks for the quick reply, but I'm still having some difficulty.
> >
> > I have been trying to connect to postgresql (redhat version 7.2.3.1)
using
> > JDBC and SSL - I am using the 7.4 development driver.
> >
> > I know that the server side is set up correctly because when connecting
> > using psql the connection is established using SSL.
> >
> >
> > However when connecting via JDBC I receive
> >
> >
> >
> >
> > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> >
> >     ssl = true
> >
> >     compatible = 7.4
> >
> >     loglevel = 2
> >
> > Asking server if it supports ssl
> >
> > Server response was (S=Yes,N=No): S
> >
> > server does support ssl
> >
> > converting regular socket connection to ssl
> >
> >
> >
> >             at org.postgresql.core.PGStream.flush(PGStream.java:364)
> >
> >             at
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > nection.java:269)
> >
> >             at org.postgresql.Driver.connect(Driver.java:137)
> >
> >             at
java.sql.DriverManager.getConnection(DriverManager.java:512)
> >
> >             at
java.sql.DriverManager.getConnection(DriverManager.java:140)
> >
> >             at docextractor.test.main(test.java:35)
> >
> >
> > Exception: An I/O error has occured while flushing the output -
Exception:
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Couldn't find trusted
certificate
> >
> > Stack Trace:
> >
> >
> >
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Couldn't find trusted
certificate
> >
> >             at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> >
> >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> >             at
> > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> >
> >             at
> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> >
> >             at
> > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> >
> >             at org.postgresql.core.PGStream.flush(PGStream.java:360)
> >
> >             at
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > nection.java:269)
> >
> >             at org.postgresql.Driver.connect(Driver.java:137)
> >
> >             at
java.sql.DriverManager.getConnection(DriverManager.java:512)
> >
> >             at
java.sql.DriverManager.getConnection(DriverManager.java:140)
> >
> >             at docextractor.test.main(test.java:35)
> >
> >
> > Caused by: java.security.cert.CertificateException: Couldn't find
trusted
> > certificate
> >
> >
> >             at
> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> >
> >             at
> >
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > 275)
> >
> >             at
> >
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > 275)
> >
> >             ... 15 more
> >
> >
> > End of Stack Trace
> >
> >
> >
> >
> >
> > At the server side I get
> >
> >
> >
> > Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> > (Success)
> >
> >
> >
> >
> > I have not been able to find any clear resolutions to this problem. If
> > someone can shed some light on a solution to this problem it would be
> > greatly appreciated.
> >
> >
> >
> > ----- Original Message -----
> > From: "Barry Lind" <blind@xythos.com>
> > To: "John Laban" <johnl@infotn.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Thursday, March 27, 2003 5:58 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> >
> >>John,
> >>
> >>This hasn't yet made it to the documentation.
> >>
> >>but adding ?ssl to the url should be what you need.  (also consider
> >>using &loglevel=2 to turn on debugging info).
> >>
> >>--Barry
> >>
> >>John Laban wrote:
> >>
> >>>Hello,
> >>>
> >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
say
> >
> > they include support for SSL.  I can set up the server to use SSL, but I
> > can't seem to get the JDBC driver to actually connect using SSL.  Is
there
> > any documentation on this?  Or is there a specific parameter I am
supposed
> > to include in the connection URL?
> >
> >>>Any help in this would be appreciated.
> >>>
> >>>John Laban
> >>>
> >>
> >>
> >>---------------------------(end of broadcast)---------------------------
> >>TIP 5: Have you checked our extensive FAQ?
> >>
> >>http://www.postgresql.org/docs/faqs/FAQ.html
> >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org


Re: JDBC with SSL

From
Csaba Nagy
Date:
You can set the security provider (or something similar, read the
security docs) to your own implementation to permit any certificate.
You can do this on app initialization.
I did it once but forget how :D

HTH,
Csaba.

On Fri, 2003-03-28 at 18:06, John Laban wrote:
> Hello again,
>
> I have made numerous attempts to import the certificate from the server to
> the client machine using java keytool with no success - the keytool
> complains that the file is not a valid X.509 format.
>
> Additionally, for my application, only the encryption of the channel is
> important so if it is possible to create an ssl connection without the
> authentication portion that would be the best solution.
>
>
> However I would still appreciate any information on how to import the
> certificate (as generated using the Postgresql documention) into the java
> certificate store.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind@xythos.com>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 11:11 AM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > John,
> >
> > The error message indicates that your client doesn't trust the servers
> > certificate.  My guess is that you are using a self-signed certificate
> > on the server.  If you want to be able to connect you are going to need
> > to import that certificate into the client side java certificate store
> > so that it recognizes the self-signed certificate as valid and trusted.
> >
> > thanks,
> > --Barry
> >
> >
> > John Laban wrote:
> > > Thanks for the quick reply, but I'm still having some difficulty.
> > >
> > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> using
> > > JDBC and SSL - I am using the 7.4 development driver.
> > >
> > > I know that the server side is set up correctly because when connecting
> > > using psql the connection is established using SSL.
> > >
> > >
> > > However when connecting via JDBC I receive
> > >
> > >
> > >
> > >
> > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > >
> > >     ssl = true
> > >
> > >     compatible = 7.4
> > >
> > >     loglevel = 2
> > >
> > > Asking server if it supports ssl
> > >
> > > Server response was (S=Yes,N=No): S
> > >
> > > server does support ssl
> > >
> > > converting regular socket connection to ssl
> > >
> > >
> > >
> > >             at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > >
> > >             at
> > >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > >             at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > >             at docextractor.test.main(test.java:35)
> > >
> > >
> > > Exception: An I/O error has occured while flushing the output -
> Exception:
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > > Stack Trace:
> > >
> > >
> > >
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > >             at
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at
> > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > >
> > >             at
> > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > >
> > >             at
> > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > >
> > >             at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > >
> > >             at
> > >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > >             at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > >             at docextractor.test.main(test.java:35)
> > >
> > >
> > > Caused by: java.security.cert.CertificateException: Couldn't find
> trusted
> > > certificate
> > >
> > >
> > >             at
> > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > >
> > >             at
> > >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > 275)
> > >
> > >             at
> > >
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > 275)
> > >
> > >             ... 15 more
> > >
> > >
> > > End of Stack Trace
> > >
> > >
> > >
> > >
> > >
> > > At the server side I get
> > >
> > >
> > >
> > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> > > (Success)
> > >
> > >
> > >
> > >
> > > I have not been able to find any clear resolutions to this problem. If
> > > someone can shed some light on a solution to this problem it would be
> > > greatly appreciated.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Barry Lind" <blind@xythos.com>
> > > To: "John Laban" <johnl@infotn.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Thursday, March 27, 2003 5:58 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > >
> > >>John,
> > >>
> > >>This hasn't yet made it to the documentation.
> > >>
> > >>but adding ?ssl to the url should be what you need.  (also consider
> > >>using &loglevel=2 to turn on debugging info).
> > >>
> > >>--Barry
> > >>
> > >>John Laban wrote:
> > >>
> > >>>Hello,
> > >>>
> > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
> say
> > >
> > > they include support for SSL.  I can set up the server to use SSL, but I
> > > can't seem to get the JDBC driver to actually connect using SSL.  Is
> there
> > > any documentation on this?  Or is there a specific parameter I am
> supposed
> > > to include in the connection URL?
> > >
> > >>>Any help in this would be appreciated.
> > >>>
> > >>>John Laban
> > >>>
> > >>
> > >>
> > >>---------------------------(end of broadcast)---------------------------
> > >>TIP 5: Have you checked our extensive FAQ?
> > >>
> > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > >
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>


Re: JDBC with SSL

From
Barry Lind
Date:
John,

I have done this before, but I don't remember the exact steps.  Java is
very particular about the formats of certs it accepts.  I ended up doing
a google search and found some good instructions on how to get java to
import an openssl created cert.  Unfortunately I didn't keep those
instructions.

--Barry


John Laban wrote:
> Hello again,
>
> I have made numerous attempts to import the certificate from the server to
> the client machine using java keytool with no success - the keytool
> complains that the file is not a valid X.509 format.
>
> Additionally, for my application, only the encryption of the channel is
> important so if it is possible to create an ssl connection without the
> authentication portion that would be the best solution.
>
>
> However I would still appreciate any information on how to import the
> certificate (as generated using the Postgresql documention) into the java
> certificate store.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind@xythos.com>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 11:11 AM
> Subject: Re: [JDBC] JDBC with SSL
>
>
>
>>John,
>>
>>The error message indicates that your client doesn't trust the servers
>>certificate.  My guess is that you are using a self-signed certificate
>>on the server.  If you want to be able to connect you are going to need
>>to import that certificate into the client side java certificate store
>>so that it recognizes the self-signed certificate as valid and trusted.
>>
>>thanks,
>>--Barry
>>
>>
>>John Laban wrote:
>>
>>>Thanks for the quick reply, but I'm still having some difficulty.
>>>
>>>I have been trying to connect to postgresql (redhat version 7.2.3.1)
>
> using
>
>>>JDBC and SSL - I am using the 7.4 development driver.
>>>
>>>I know that the server side is set up correctly because when connecting
>>>using psql the connection is established using SSL.
>>>
>>>
>>>However when connecting via JDBC I receive
>>>
>>>
>>>
>>>
>>>PostgreSQL 7.4devel JDBC3 with SSL (build 204)
>>>
>>>    ssl = true
>>>
>>>    compatible = 7.4
>>>
>>>    loglevel = 2
>>>
>>>Asking server if it supports ssl
>>>
>>>Server response was (S=Yes,N=No): S
>>>
>>>server does support ssl
>>>
>>>converting regular socket connection to ssl
>>>
>>>
>>>
>>>            at org.postgresql.core.PGStream.flush(PGStream.java:364)
>>>
>>>            at
>>>
>
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
>
>>>nection.java:269)
>>>
>>>            at org.postgresql.Driver.connect(Driver.java:137)
>>>
>>>            at
>
> java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>>>            at
>
> java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>>>            at docextractor.test.main(test.java:35)
>>>
>>>
>>>Exception: An I/O error has occured while flushing the output -
>
> Exception:
>
>>>javax.net.ssl.SSLHandshakeException:
>>>java.security.cert.CertificateException: Couldn't find trusted
>
> certificate
>
>>>Stack Trace:
>>>
>>>
>>>
>>>javax.net.ssl.SSLHandshakeException:
>>>java.security.cert.CertificateException: Couldn't find trusted
>
> certificate
>
>>>            at
>
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>
>>>            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>>>
>>>            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>>            at
>>>com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>>>
>>>            at
>>>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
>>>
>>>            at
>>>java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
>>>
>>>            at org.postgresql.core.PGStream.flush(PGStream.java:360)
>>>
>>>            at
>>>
>
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
>
>>>nection.java:269)
>>>
>>>            at org.postgresql.Driver.connect(Driver.java:137)
>>>
>>>            at
>
> java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>>>            at
>
> java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>>>            at docextractor.test.main(test.java:35)
>>>
>>>
>>>Caused by: java.security.cert.CertificateException: Couldn't find
>
> trusted
>
>>>certificate
>>>
>>>
>>>            at
>>>com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
>>>
>>>            at
>>>
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
>
>>>275)
>>>
>>>            at
>>>
>
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
>
>>>275)
>>>
>>>            ... 15 more
>>>
>>>
>>>End of Stack Trace
>>>
>>>
>>>
>>>
>>>
>>>At the server side I get
>>>
>>>
>>>
>>>Failed to inititalize SSL Connection: sslv3 alert certificate unknown
>>>(Success)
>>>
>>>
>>>
>>>
>>>I have not been able to find any clear resolutions to this problem. If
>>>someone can shed some light on a solution to this problem it would be
>>>greatly appreciated.
>>>
>>>
>>>
>>>----- Original Message -----
>>>From: "Barry Lind" <blind@xythos.com>
>>>To: "John Laban" <johnl@infotn.com>
>>>Cc: <pgsql-jdbc@postgresql.org>
>>>Sent: Thursday, March 27, 2003 5:58 PM
>>>Subject: Re: [JDBC] JDBC with SSL
>>>
>>>
>>>
>>>
>>>>John,
>>>>
>>>>This hasn't yet made it to the documentation.
>>>>
>>>>but adding ?ssl to the url should be what you need.  (also consider
>>>>using &loglevel=2 to turn on debugging info).
>>>>
>>>>--Barry
>>>>
>>>>John Laban wrote:
>>>>
>>>>
>>>>>Hello,
>>>>>
>>>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
>
> say
>
>>>they include support for SSL.  I can set up the server to use SSL, but I
>>>can't seem to get the JDBC driver to actually connect using SSL.  Is
>
> there
>
>>>any documentation on this?  Or is there a specific parameter I am
>
> supposed
>
>>>to include in the connection URL?
>>>
>>>
>>>>>Any help in this would be appreciated.
>>>>>
>>>>>John Laban
>>>>>
>>>>
>>>>
>>>>---------------------------(end of broadcast)---------------------------
>>>>TIP 5: Have you checked our extensive FAQ?
>>>>
>>>>http://www.postgresql.org/docs/faqs/FAQ.html
>>>
>>>
>>>
>>>---------------------------(end of broadcast)---------------------------
>>>TIP 6: Have you searched our list archives?
>>>
>>>http://archives.postgresql.org
>>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 6: Have you searched our list archives?
>>
>>http://archives.postgresql.org
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>


Re: JDBC with SSL

From
"Nagy Istvan"
Date:
Hi John,

try this one (i hope it works)

1. open the certificate in a text editor
2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE
and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
4. run: $ keytool -import -alias alias_name -file cert2.crt
5. answer all questions and say that you trust this cert

If you were successful can you tell me about your config? I use jdk1.3.0_02
and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as
follows:"FATAL: failed to initialize SSL connection: wrong version number".
I see the next in the server's log file: "FATAL: failed to initialize SSL
connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error:
Connection reset by peer"

If i change the next line in the back and code :
SSL_context=SSL_CTX_new(TLSv1_method()) to
SSL_context=SSL_CTX_new(SSLv23_method()) and
initialize the factory in the jdbc driver by using SSLv23 then
everything is ok.

why?

regards / Istvan Nagy

----- Original Message -----
From: John Laban <johnl@infotn.com>
To: Barry Lind <blind@xythos.com>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Friday, March 28, 2003 6:06 PM
Subject: Re: [JDBC] JDBC with SSL


> Hello again,
>
> I have made numerous attempts to import the certificate from the server to
> the client machine using java keytool with no success - the keytool
> complains that the file is not a valid X.509 format.
>
> Additionally, for my application, only the encryption of the channel is
> important so if it is possible to create an ssl connection without the
> authentication portion that would be the best solution.
>
>
> However I would still appreciate any information on how to import the
> certificate (as generated using the Postgresql documention) into the java
> certificate store.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind@xythos.com>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 11:11 AM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > John,
> >
> > The error message indicates that your client doesn't trust the servers
> > certificate.  My guess is that you are using a self-signed certificate
> > on the server.  If you want to be able to connect you are going to need
> > to import that certificate into the client side java certificate store
> > so that it recognizes the self-signed certificate as valid and trusted.
> >
> > thanks,
> > --Barry
> >
> >
> > John Laban wrote:
> > > Thanks for the quick reply, but I'm still having some difficulty.
> > >
> > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> using
> > > JDBC and SSL - I am using the 7.4 development driver.
> > >
> > > I know that the server side is set up correctly because when
connecting
> > > using psql the connection is established using SSL.
> > >
> > >
> > > However when connecting via JDBC I receive
> > >
> > >
> > >
> > >
> > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > >
> > >     ssl = true
> > >
> > >     compatible = 7.4
> > >
> > >     loglevel = 2
> > >
> > > Asking server if it supports ssl
> > >
> > > Server response was (S=Yes,N=No): S
> > >
> > > server does support ssl
> > >
> > > converting regular socket connection to ssl
> > >
> > >
> > >
> > >             at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > >
> > >             at
> > >
>
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > >             at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > >             at docextractor.test.main(test.java:35)
> > >
> > >
> > > Exception: An I/O error has occured while flushing the output -
> Exception:
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > > Stack Trace:
> > >
> > >
> > >
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > >             at
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > >
> > >             at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > >             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > >
> > >             at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > >
> > >             at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > >             at
> > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > >
> > >             at
> > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > >
> > >             at
> > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > >
> > >             at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > >
> > >             at
> > >
>
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > >             at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > >             at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > >             at docextractor.test.main(test.java:35)
> > >
> > >
> > > Caused by: java.security.cert.CertificateException: Couldn't find
> trusted
> > > certificate
> > >
> > >
> > >             at
> > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > >
> > >             at
> > >
>
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > 275)
> > >
> > >             at
> > >
>
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > 275)
> > >
> > >             ... 15 more
> > >
> > >
> > > End of Stack Trace
> > >
> > >
> > >
> > >
> > >
> > > At the server side I get
> > >
> > >
> > >
> > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> > > (Success)
> > >
> > >
> > >
> > >
> > > I have not been able to find any clear resolutions to this problem. If
> > > someone can shed some light on a solution to this problem it would be
> > > greatly appreciated.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Barry Lind" <blind@xythos.com>
> > > To: "John Laban" <johnl@infotn.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Thursday, March 27, 2003 5:58 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > >
> > >>John,
> > >>
> > >>This hasn't yet made it to the documentation.
> > >>
> > >>but adding ?ssl to the url should be what you need.  (also consider
> > >>using &loglevel=2 to turn on debugging info).
> > >>
> > >>--Barry
> > >>
> > >>John Laban wrote:
> > >>
> > >>>Hello,
> > >>>
> > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
> say
> > >
> > > they include support for SSL.  I can set up the server to use SSL, but
I
> > > can't seem to get the JDBC driver to actually connect using SSL.  Is
> there
> > > any documentation on this?  Or is there a specific parameter I am
> supposed
> > > to include in the connection URL?
> > >
> > >>>Any help in this would be appreciated.
> > >>>
> > >>>John Laban
> > >>>
> > >>
> > >>
> > >>---------------------------(end of
broadcast)---------------------------
> > >>TIP 5: Have you checked our extensive FAQ?
> > >>
> > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > >
> > >
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>


Re: JDBC with SSL

From
"John Laban"
Date:
Thanks for the tip, but sorry, no luck.

As for us, we're going to try modifiying the driver to use a custom
SSLSocketFactory that won't care about the authentication procedure.

Thanks,
John Laban


----- Original Message -----
From: "Nagy Istvan" <nistvan@ecity.agria.hu>
To: "John Laban" <johnl@infotn.com>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Friday, March 28, 2003 2:07 PM
Subject: Re: [JDBC] JDBC with SSL


> Hi John,
>
> try this one (i hope it works)
>
> 1. open the certificate in a text editor
> 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> 3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE
> and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> 4. run: $ keytool -import -alias alias_name -file cert2.crt
> 5. answer all questions and say that you trust this cert
>
> If you were successful can you tell me about your config? I use
jdk1.3.0_02
> and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as
> follows:"FATAL: failed to initialize SSL connection: wrong version
number".
> I see the next in the server's log file: "FATAL: failed to initialize SSL
> connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error:
> Connection reset by peer"
>
> If i change the next line in the back and code :
> SSL_context=SSL_CTX_new(TLSv1_method()) to
> SSL_context=SSL_CTX_new(SSLv23_method()) and
> initialize the factory in the jdbc driver by using SSLv23 then
> everything is ok.
>
> why?
>
> regards / Istvan Nagy
>
> ----- Original Message -----
> From: John Laban <johnl@infotn.com>
> To: Barry Lind <blind@xythos.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 6:06 PM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > Hello again,
> >
> > I have made numerous attempts to import the certificate from the server
to
> > the client machine using java keytool with no success - the keytool
> > complains that the file is not a valid X.509 format.
> >
> > Additionally, for my application, only the encryption of the channel is
> > important so if it is possible to create an ssl connection without the
> > authentication portion that would be the best solution.
> >
> >
> > However I would still appreciate any information on how to import the
> > certificate (as generated using the Postgresql documention) into the
java
> > certificate store.
> >
> >
> >
> > ----- Original Message -----
> > From: "Barry Lind" <blind@xythos.com>
> > To: "John Laban" <johnl@infotn.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Friday, March 28, 2003 11:11 AM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > John,
> > >
> > > The error message indicates that your client doesn't trust the servers
> > > certificate.  My guess is that you are using a self-signed certificate
> > > on the server.  If you want to be able to connect you are going to
need
> > > to import that certificate into the client side java certificate store
> > > so that it recognizes the self-signed certificate as valid and
trusted.
> > >
> > > thanks,
> > > --Barry
> > >
> > >
> > > John Laban wrote:
> > > > Thanks for the quick reply, but I'm still having some difficulty.
> > > >
> > > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> > using
> > > > JDBC and SSL - I am using the 7.4 development driver.
> > > >
> > > > I know that the server side is set up correctly because when
> connecting
> > > > using psql the connection is established using SSL.
> > > >
> > > >
> > > > However when connecting via JDBC I receive
> > > >
> > > >
> > > >
> > > >
> > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > >
> > > >     ssl = true
> > > >
> > > >     compatible = 7.4
> > > >
> > > >     loglevel = 2
> > > >
> > > > Asking server if it supports ssl
> > > >
> > > > Server response was (S=Yes,N=No): S
> > > >
> > > > server does support ssl
> > > >
> > > > converting regular socket connection to ssl
> > > >
> > > >
> > > >
> > > >             at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > >
> > > >             at
> > > >
> >
>
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > nection.java:269)
> > > >
> > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > >
> > > >             at
> > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > >
> > > >             at
> > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > >
> > > >             at docextractor.test.main(test.java:35)
> > > >
> > > >
> > > > Exception: An I/O error has occured while flushing the output -
> > Exception:
> > > > javax.net.ssl.SSLHandshakeException:
> > > > java.security.cert.CertificateException: Couldn't find trusted
> > certificate
> > > >
> > > > Stack Trace:
> > > >
> > > >
> > > >
> > > > javax.net.ssl.SSLHandshakeException:
> > > > java.security.cert.CertificateException: Couldn't find trusted
> > certificate
> > > >
> > > >             at
> > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > >
> > > >             at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > >
> > > >             at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > >
> > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > >
> > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > >
> > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > >
> > > >             at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > >
> > > >             at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > >
> > > >             at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > >
> > > >             at
> > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > >
> > > >             at
> > > >
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > >
> > > >             at
> > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > >
> > > >             at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > >
> > > >             at
> > > >
> >
>
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > nection.java:269)
> > > >
> > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > >
> > > >             at
> > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > >
> > > >             at
> > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > >
> > > >             at docextractor.test.main(test.java:35)
> > > >
> > > >
> > > > Caused by: java.security.cert.CertificateException: Couldn't find
> > trusted
> > > > certificate
> > > >
> > > >
> > > >             at
> > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > >
> > > >             at
> > > >
> >
>
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > > 275)
> > > >
> > > >             at
> > > >
> >
>
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > > 275)
> > > >
> > > >             ... 15 more
> > > >
> > > >
> > > > End of Stack Trace
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > At the server side I get
> > > >
> > > >
> > > >
> > > > Failed to inititalize SSL Connection: sslv3 alert certificate
unknown
> > > > (Success)
> > > >
> > > >
> > > >
> > > >
> > > > I have not been able to find any clear resolutions to this problem.
If
> > > > someone can shed some light on a solution to this problem it would
be
> > > > greatly appreciated.
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Barry Lind" <blind@xythos.com>
> > > > To: "John Laban" <johnl@infotn.com>
> > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > Subject: Re: [JDBC] JDBC with SSL
> > > >
> > > >
> > > >
> > > >>John,
> > > >>
> > > >>This hasn't yet made it to the documentation.
> > > >>
> > > >>but adding ?ssl to the url should be what you need.  (also consider
> > > >>using &loglevel=2 to turn on debugging info).
> > > >>
> > > >>--Barry
> > > >>
> > > >>John Laban wrote:
> > > >>
> > > >>>Hello,
> > > >>>
> > > >>>The newest developement JDBC drivers (7.4dev, build 204,
2003-03-23)
> > say
> > > >
> > > > they include support for SSL.  I can set up the server to use SSL,
but
> I
> > > > can't seem to get the JDBC driver to actually connect using SSL.  Is
> > there
> > > > any documentation on this?  Or is there a specific parameter I am
> > supposed
> > > > to include in the connection URL?
> > > >
> > > >>>Any help in this would be appreciated.
> > > >>>
> > > >>>John Laban
> > > >>>
> > > >>
> > > >>
> > > >>---------------------------(end of
> broadcast)---------------------------
> > > >>TIP 5: Have you checked our extensive FAQ?
> > > >>
> > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > >
> > > >
> > > >
> > > > ---------------------------(end of
> broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > > >
> > >
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 4: Don't 'kill -9' the postmaster
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org


Re: JDBC with SSL

From
Csaba Nagy
Date:
The following piece of code did it for us (I've found it):

static {
        // add support for https and the like
        System.setProperty("java.protocol.handler.pkgs",
                "com.sun.net.ssl.internal.www.protocol");
        Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(
              null,
              new TrustManager[] {
                  new X509TrustManager() {
                      public X509Certificate[] getAcceptedIssuers() {
                          return new X509Certificate[0];
                      }

                      public boolean isClientTrusted(X509Certificate[]
x509Certificates) {
                          return true;
                      }

                      public boolean isServerTrusted(X509Certificate[]
x509Certificates) {
                          return true;
                      }
                  }
              },
              null
            );


HTTPConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        } catch (Exception e) {
            System.out.println("Failed to set SSL socket factory for
HTTPClient. There might be problems with https.");
        }

}

HTH,
CSaba.


On Fri, 2003-03-28 at 21:08, John Laban wrote:
> Thanks for the tip, but sorry, no luck.
>
> As for us, we're going to try modifiying the driver to use a custom
> SSLSocketFactory that won't care about the authentication procedure.
>
> Thanks,
> John Laban
>
>
> ----- Original Message -----
> From: "Nagy Istvan" <nistvan@ecity.agria.hu>
> To: "John Laban" <johnl@infotn.com>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Friday, March 28, 2003 2:07 PM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > Hi John,
> >
> > try this one (i hope it works)
> >
> > 1. open the certificate in a text editor
> > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> > 3. cut the closing section of the file ( incl. the ---- BEGIN CERTIFICATE
> > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> > 4. run: $ keytool -import -alias alias_name -file cert2.crt
> > 5. answer all questions and say that you trust this cert
> >
> > If you were successful can you tell me about your config? I use
> jdk1.3.0_02
> > and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer as
> > follows:"FATAL: failed to initialize SSL connection: wrong version
> number".
> > I see the next in the server's log file: "FATAL: failed to initialize SSL
> > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL error:
> > Connection reset by peer"
> >
> > If i change the next line in the back and code :
> > SSL_context=SSL_CTX_new(TLSv1_method()) to
> > SSL_context=SSL_CTX_new(SSLv23_method()) and
> > initialize the factory in the jdbc driver by using SSLv23 then
> > everything is ok.
> >
> > why?
> >
> > regards / Istvan Nagy
> >
> > ----- Original Message -----
> > From: John Laban <johnl@infotn.com>
> > To: Barry Lind <blind@xythos.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Friday, March 28, 2003 6:06 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > Hello again,
> > >
> > > I have made numerous attempts to import the certificate from the server
> to
> > > the client machine using java keytool with no success - the keytool
> > > complains that the file is not a valid X.509 format.
> > >
> > > Additionally, for my application, only the encryption of the channel is
> > > important so if it is possible to create an ssl connection without the
> > > authentication portion that would be the best solution.
> > >
> > >
> > > However I would still appreciate any information on how to import the
> > > certificate (as generated using the Postgresql documention) into the
> java
> > > certificate store.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Barry Lind" <blind@xythos.com>
> > > To: "John Laban" <johnl@infotn.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Friday, March 28, 2003 11:11 AM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > > > John,
> > > >
> > > > The error message indicates that your client doesn't trust the servers
> > > > certificate.  My guess is that you are using a self-signed certificate
> > > > on the server.  If you want to be able to connect you are going to
> need
> > > > to import that certificate into the client side java certificate store
> > > > so that it recognizes the self-signed certificate as valid and
> trusted.
> > > >
> > > > thanks,
> > > > --Barry
> > > >
> > > >
> > > > John Laban wrote:
> > > > > Thanks for the quick reply, but I'm still having some difficulty.
> > > > >
> > > > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> > > using
> > > > > JDBC and SSL - I am using the 7.4 development driver.
> > > > >
> > > > > I know that the server side is set up correctly because when
> > connecting
> > > > > using psql the connection is established using SSL.
> > > > >
> > > > >
> > > > > However when connecting via JDBC I receive
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > > >
> > > > >     ssl = true
> > > > >
> > > > >     compatible = 7.4
> > > > >
> > > > >     loglevel = 2
> > > > >
> > > > > Asking server if it supports ssl
> > > > >
> > > > > Server response was (S=Yes,N=No): S
> > > > >
> > > > > server does support ssl
> > > > >
> > > > > converting regular socket connection to ssl
> > > > >
> > > > >
> > > > >
> > > > >             at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > > >
> > > > >             at
> > > > >
> > >
> >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > nection.java:269)
> > > > >
> > > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > > >
> > > > >             at
> > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > >
> > > > >             at
> > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > >
> > > > >             at docextractor.test.main(test.java:35)
> > > > >
> > > > >
> > > > > Exception: An I/O error has occured while flushing the output -
> > > Exception:
> > > > > javax.net.ssl.SSLHandshakeException:
> > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > certificate
> > > > >
> > > > > Stack Trace:
> > > > >
> > > > >
> > > > >
> > > > > javax.net.ssl.SSLHandshakeException:
> > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > certificate
> > > > >
> > > > >             at
> > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > > >
> > > > >             at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > >             at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > >
> > > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > >
> > > > >             at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > > >
> > > > >             at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > >             at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > > >
> > > > >             at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > >
> > > > >             at
> > > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > > >
> > > > >             at
> > > > >
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > > >
> > > > >             at
> > > > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > > >
> > > > >             at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > > >
> > > > >             at
> > > > >
> > >
> >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > nection.java:269)
> > > > >
> > > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > > >
> > > > >             at
> > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > >
> > > > >             at
> > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > >
> > > > >             at docextractor.test.main(test.java:35)
> > > > >
> > > > >
> > > > > Caused by: java.security.cert.CertificateException: Couldn't find
> > > trusted
> > > > > certificate
> > > > >
> > > > >
> > > > >             at
> > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > > >
> > > > >             at
> > > > >
> > >
> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > > > 275)
> > > > >
> > > > >             at
> > > > >
> > >
> >
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > > > 275)
> > > > >
> > > > >             ... 15 more
> > > > >
> > > > >
> > > > > End of Stack Trace
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > At the server side I get
> > > > >
> > > > >
> > > > >
> > > > > Failed to inititalize SSL Connection: sslv3 alert certificate
> unknown
> > > > > (Success)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > I have not been able to find any clear resolutions to this problem.
> If
> > > > > someone can shed some light on a solution to this problem it would
> be
> > > > > greatly appreciated.
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Barry Lind" <blind@xythos.com>
> > > > > To: "John Laban" <johnl@infotn.com>
> > > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > > Subject: Re: [JDBC] JDBC with SSL
> > > > >
> > > > >
> > > > >
> > > > >>John,
> > > > >>
> > > > >>This hasn't yet made it to the documentation.
> > > > >>
> > > > >>but adding ?ssl to the url should be what you need.  (also consider
> > > > >>using &loglevel=2 to turn on debugging info).
> > > > >>
> > > > >>--Barry
> > > > >>
> > > > >>John Laban wrote:
> > > > >>
> > > > >>>Hello,
> > > > >>>
> > > > >>>The newest developement JDBC drivers (7.4dev, build 204,
> 2003-03-23)
> > > say
> > > > >
> > > > > they include support for SSL.  I can set up the server to use SSL,
> but
> > I
> > > > > can't seem to get the JDBC driver to actually connect using SSL.  Is
> > > there
> > > > > any documentation on this?  Or is there a specific parameter I am
> > > supposed
> > > > > to include in the connection URL?
> > > > >
> > > > >>>Any help in this would be appreciated.
> > > > >>>
> > > > >>>John Laban
> > > > >>>
> > > > >>
> > > > >>
> > > > >>---------------------------(end of
> > broadcast)---------------------------
> > > > >>TIP 5: Have you checked our extensive FAQ?
> > > > >>
> > > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > > >
> > > >
> > > >
> > > > ---------------------------(end of
> broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>


Re: JDBC with SSL

From
"John Laban"
Date:
That is exactly what we did Friday afternoon, and it works great.

Thanks,
John


----- Original Message -----
From: "Csaba Nagy" <nagy@ecircle-ag.com>
To: "John Laban" <johnl@infotn.com>
Cc: "Nagy Istvan" <nistvan@ecity.agria.hu>; "Postgres JDBC"
<pgsql-jdbc@postgresql.org>
Sent: Monday, March 31, 2003 3:29 AM
Subject: Re: [JDBC] JDBC with SSL


> The following piece of code did it for us (I've found it):
>
> static {
>         // add support for https and the like
>         System.setProperty("java.protocol.handler.pkgs",
>                 "com.sun.net.ssl.internal.www.protocol");
>         Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
>
>         try {
>             SSLContext ctx = SSLContext.getInstance("TLS");
>             ctx.init(
>               null,
>               new TrustManager[] {
>                   new X509TrustManager() {
>                       public X509Certificate[] getAcceptedIssuers() {
>                           return new X509Certificate[0];
>                       }
>
>                       public boolean isClientTrusted(X509Certificate[]
> x509Certificates) {
>                           return true;
>                       }
>
>                       public boolean isServerTrusted(X509Certificate[]
> x509Certificates) {
>                           return true;
>                       }
>                   }
>               },
>               null
>             );
>
>
> HTTPConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
>         } catch (Exception e) {
>             System.out.println("Failed to set SSL socket factory for
> HTTPClient. There might be problems with https.");
>         }
>
> }
>
> HTH,
> CSaba.
>
>
> On Fri, 2003-03-28 at 21:08, John Laban wrote:
> > Thanks for the tip, but sorry, no luck.
> >
> > As for us, we're going to try modifiying the driver to use a custom
> > SSLSocketFactory that won't care about the authentication procedure.
> >
> > Thanks,
> > John Laban
> >
> >
> > ----- Original Message -----
> > From: "Nagy Istvan" <nistvan@ecity.agria.hu>
> > To: "John Laban" <johnl@infotn.com>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Friday, March 28, 2003 2:07 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> > > Hi John,
> > >
> > > try this one (i hope it works)
> > >
> > > 1. open the certificate in a text editor
> > > 2. look for the line starting like this: ------ BEGIN CERTIFICATE ...
> > > 3. cut the closing section of the file ( incl. the ---- BEGIN
CERTIFICATE
> > > and ---- END CERTIFICATE lines) and copy it into the file cert2.crt
> > > 4. run: $ keytool -import -alias alias_name -file cert2.crt
> > > 5. answer all questions and say that you trust this cert
> > >
> > > If you were successful can you tell me about your config? I use
> > jdk1.3.0_02
> > > and jsse (I know it is an old conf) and PG 7.3 and I recieve an answer
as
> > > follows:"FATAL: failed to initialize SSL connection: wrong version
> > number".
> > > I see the next in the server's log file: "FATAL: failed to initialize
SSL
> > > connection: sslv3 alert handshake failure" then "FATAL: SSL SYSCALL
error:
> > > Connection reset by peer"
> > >
> > > If i change the next line in the back and code :
> > > SSL_context=SSL_CTX_new(TLSv1_method()) to
> > > SSL_context=SSL_CTX_new(SSLv23_method()) and
> > > initialize the factory in the jdbc driver by using SSLv23 then
> > > everything is ok.
> > >
> > > why?
> > >
> > > regards / Istvan Nagy
> > >
> > > ----- Original Message -----
> > > From: John Laban <johnl@infotn.com>
> > > To: Barry Lind <blind@xythos.com>
> > > Cc: <pgsql-jdbc@postgresql.org>
> > > Sent: Friday, March 28, 2003 6:06 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > > > Hello again,
> > > >
> > > > I have made numerous attempts to import the certificate from the
server
> > to
> > > > the client machine using java keytool with no success - the keytool
> > > > complains that the file is not a valid X.509 format.
> > > >
> > > > Additionally, for my application, only the encryption of the channel
is
> > > > important so if it is possible to create an ssl connection without
the
> > > > authentication portion that would be the best solution.
> > > >
> > > >
> > > > However I would still appreciate any information on how to import
the
> > > > certificate (as generated using the Postgresql documention) into the
> > java
> > > > certificate store.
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Barry Lind" <blind@xythos.com>
> > > > To: "John Laban" <johnl@infotn.com>
> > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > Sent: Friday, March 28, 2003 11:11 AM
> > > > Subject: Re: [JDBC] JDBC with SSL
> > > >
> > > >
> > > > > John,
> > > > >
> > > > > The error message indicates that your client doesn't trust the
servers
> > > > > certificate.  My guess is that you are using a self-signed
certificate
> > > > > on the server.  If you want to be able to connect you are going to
> > need
> > > > > to import that certificate into the client side java certificate
store
> > > > > so that it recognizes the self-signed certificate as valid and
> > trusted.
> > > > >
> > > > > thanks,
> > > > > --Barry
> > > > >
> > > > >
> > > > > John Laban wrote:
> > > > > > Thanks for the quick reply, but I'm still having some
difficulty.
> > > > > >
> > > > > > I have been trying to connect to postgresql (redhat version
7.2.3.1)
> > > > using
> > > > > > JDBC and SSL - I am using the 7.4 development driver.
> > > > > >
> > > > > > I know that the server side is set up correctly because when
> > > connecting
> > > > > > using psql the connection is established using SSL.
> > > > > >
> > > > > >
> > > > > > However when connecting via JDBC I receive
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > > > > >
> > > > > >     ssl = true
> > > > > >
> > > > > >     compatible = 7.4
> > > > > >
> > > > > >     loglevel = 2
> > > > > >
> > > > > > Asking server if it supports ssl
> > > > > >
> > > > > > Server response was (S=Yes,N=No): S
> > > > > >
> > > > > > server does support ssl
> > > > > >
> > > > > > converting regular socket connection to ssl
> > > > > >
> > > > > >
> > > > > >
> > > > > >             at
org.postgresql.core.PGStream.flush(PGStream.java:364)
> > > > > >
> > > > > >             at
> > > > > >
> > > >
> > >
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > > nection.java:269)
> > > > > >
> > > > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > > > >
> > > > > >             at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > >
> > > > > >             at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > >
> > > > > >             at docextractor.test.main(test.java:35)
> > > > > >
> > > > > >
> > > > > > Exception: An I/O error has occured while flushing the output -
> > > > Exception:
> > > > > > javax.net.ssl.SSLHandshakeException:
> > > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > > certificate
> > > > > >
> > > > > > Stack Trace:
> > > > > >
> > > > > >
> > > > > >
> > > > > > javax.net.ssl.SSLHandshakeException:
> > > > > > java.security.cert.CertificateException: Couldn't find trusted
> > > > certificate
> > > > > >
> > > > > >             at
> > > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > >
> > > > > >             at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > > > >
> > > > > >             at
com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > > > > >
> > > > > >             at
> > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > > > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > > > > >
> > > > > >             at
> > > > > >
> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > > > > >
> > > > > >             at
> > > > > >
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > > > > >
> > > > > >             at
org.postgresql.core.PGStream.flush(PGStream.java:360)
> > > > > >
> > > > > >             at
> > > > > >
> > > >
> > >
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > > > > nection.java:269)
> > > > > >
> > > > > >             at org.postgresql.Driver.connect(Driver.java:137)
> > > > > >
> > > > > >             at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:512)
> > > > > >
> > > > > >             at
> > > > java.sql.DriverManager.getConnection(DriverManager.java:140)
> > > > > >
> > > > > >             at docextractor.test.main(test.java:35)
> > > > > >
> > > > > >
> > > > > > Caused by: java.security.cert.CertificateException: Couldn't
find
> > > > trusted
> > > > > > certificate
> > > > > >
> > > > > >
> > > > > >             at
> > > > > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > > > > >
> > > > > >             at
> > > > > >
> > > >
> > >
> >
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > > > > 275)
> > > > > >
> > > > > >             at
> > > > > >
> > > >
> > >
> >
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > > > > 275)
> > > > > >
> > > > > >             ... 15 more
> > > > > >
> > > > > >
> > > > > > End of Stack Trace
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > At the server side I get
> > > > > >
> > > > > >
> > > > > >
> > > > > > Failed to inititalize SSL Connection: sslv3 alert certificate
> > unknown
> > > > > > (Success)
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > I have not been able to find any clear resolutions to this
problem.
> > If
> > > > > > someone can shed some light on a solution to this problem it
would
> > be
> > > > > > greatly appreciated.
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Barry Lind" <blind@xythos.com>
> > > > > > To: "John Laban" <johnl@infotn.com>
> > > > > > Cc: <pgsql-jdbc@postgresql.org>
> > > > > > Sent: Thursday, March 27, 2003 5:58 PM
> > > > > > Subject: Re: [JDBC] JDBC with SSL
> > > > > >
> > > > > >
> > > > > >
> > > > > >>John,
> > > > > >>
> > > > > >>This hasn't yet made it to the documentation.
> > > > > >>
> > > > > >>but adding ?ssl to the url should be what you need.  (also
consider
> > > > > >>using &loglevel=2 to turn on debugging info).
> > > > > >>
> > > > > >>--Barry
> > > > > >>
> > > > > >>John Laban wrote:
> > > > > >>
> > > > > >>>Hello,
> > > > > >>>
> > > > > >>>The newest developement JDBC drivers (7.4dev, build 204,
> > 2003-03-23)
> > > > say
> > > > > >
> > > > > > they include support for SSL.  I can set up the server to use
SSL,
> > but
> > > I
> > > > > > can't seem to get the JDBC driver to actually connect using SSL.
Is
> > > > there
> > > > > > any documentation on this?  Or is there a specific parameter I
am
> > > > supposed
> > > > > > to include in the connection URL?
> > > > > >
> > > > > >>>Any help in this would be appreciated.
> > > > > >>>
> > > > > >>>John Laban
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >>---------------------------(end of
> > > broadcast)---------------------------
> > > > > >>TIP 5: Have you checked our extensive FAQ?
> > > > > >>
> > > > > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > > > > >
> > > > > >
> > > > > >
> > > > > > ---------------------------(end of
> > > broadcast)---------------------------
> > > > > > TIP 6: Have you searched our list archives?
> > > > > >
> > > > > > http://archives.postgresql.org
> > > > > >
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > >
> > > >
> > > > ---------------------------(end of
broadcast)---------------------------
> > > > TIP 4: Don't 'kill -9' the postmaster
> > > >
> > >
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
> >
>