Thread: JDBC with SSL

JDBC with SSL

From
Angel Todorov
Date:
Hello,
I have a question regarding the SSL support of  the development JDBC3
driver. I want to connect securely to a postgresql database . My
environment is the following:

PostgreSQL server version: PostgreSQL 7.3.2
OS on which the server is running: OpenBSD 3.3

--- from postgresql.conf ---

ssl = true

----------------------------

I have also generated the needed certificates for the SSL support as
described in the PostgreSQL manual under" 3.7. Secure TCP/IP Connections
with SSL".

The client enviroment is the following:
OS: Windows XP
JDK : j2sdk1.4.2_01
jdbc driver: JDBC3, development version
IDE: Eclipse

Normally, without SSL, the connectivity is O.K

When enabled, the following exception is thrown:

org.postgresql.util.PSQLException: An I/O error has occured while
flushing the output - Exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found

Here is also a small part of the stack trace:
--------------------------------------------------
Caused by: sun.security.validator.ValidatorException: No trusted
certificate found
   at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown
Source)
   at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
   at sun.security.validator.Validator.validate(Unknown Source)
   at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
   at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source)
   ... 16 more
End of Stack Trace

   at org.postgresql.core.PGStream.flush(PGStream.java:416)
   at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnectionV3(AbstractJdbc1Connection.java:284)

   at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:213)

   at org.postgresql.Driver.connect(Driver.java:138)
   at java.sql.DriverManager.getConnection(Unknown Source)
   at java.sql.DriverManager.getConnection(Unknown Source)
   at PostgreSQLSSL.main(PostgreSQLSSL.java:33)
java.lang.NullPointerException
   at PostgreSQLSSL.main(PostgreSQLSSL.java:39)
Exception in thread "main"
-----------------------------------------------------

The code that generates the above Exception is :

--- START ------

   public static void main(String[] args) throws SQLException {

       Properties opt = new Properties();
             opt.setProperty("ssl", "true");
       opt.setProperty("user", username);
       opt.setProperty("password", password);

       Connection db=null;
             try {
                 Class driver=Class.forName("org.postgresql.Driver");
       db = DriverManager.getConnection(url, opt);
       } catch (Exception e) {
           e.printStackTrace();
       }
------- END ------------

I have imported the server's certificate using the keytool successfully
, though the exception states that no *trusted* certificate is found. My
certificate is self-signed. Could it be the problem that the certificate
is not accepted (i.e i have to create it differently either on the
server side, or import it differently on the client side) ? Or maybe
there is a conflict between the PostgreSQL and JDBC3 versions?

Thanks a lot in advance for your help.

Regards,

Angel


Re: JDBC with SSL

From
Barry Lind
Date:
Can you provide the steps you used to create and import your cert?

thanks,
--Barry


Angel Todorov wrote:
> Hello,
> I have a question regarding the SSL support of  the development JDBC3
> driver. I want to connect securely to a postgresql database . My
> environment is the following:
>
> PostgreSQL server version: PostgreSQL 7.3.2
> OS on which the server is running: OpenBSD 3.3
>
> --- from postgresql.conf ---
>
> ssl = true
>
> ----------------------------
>
> I have also generated the needed certificates for the SSL support as
> described in the PostgreSQL manual under" 3.7. Secure TCP/IP Connections
> with SSL".
>
> The client enviroment is the following:
> OS: Windows XP
> JDK : j2sdk1.4.2_01
> jdbc driver: JDBC3, development version
> IDE: Eclipse
>
> Normally, without SSL, the connectivity is O.K
>
> When enabled, the following exception is thrown:
>
> org.postgresql.util.PSQLException: An I/O error has occured while
> flushing the output - Exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
>
> Here is also a small part of the stack trace:
> --------------------------------------------------
> Caused by: sun.security.validator.ValidatorException: No trusted
> certificate found
>   at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown
> Source)
>   at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
>   at sun.security.validator.Validator.validate(Unknown Source)
>   at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
>   at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
> Source)
>   ... 16 more
> End of Stack Trace
>
>   at org.postgresql.core.PGStream.flush(PGStream.java:416)
>   at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnectionV3(AbstractJdbc1Connection.java:284)
>
>   at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:213)
>
>   at org.postgresql.Driver.connect(Driver.java:138)
>   at java.sql.DriverManager.getConnection(Unknown Source)
>   at java.sql.DriverManager.getConnection(Unknown Source)
>   at PostgreSQLSSL.main(PostgreSQLSSL.java:33)
> java.lang.NullPointerException
>   at PostgreSQLSSL.main(PostgreSQLSSL.java:39)
> Exception in thread "main"
> -----------------------------------------------------
>
> The code that generates the above Exception is :
>
> --- START ------
>
>   public static void main(String[] args) throws SQLException {
>
>       Properties opt = new Properties();
>             opt.setProperty("ssl", "true");
>       opt.setProperty("user", username);
>       opt.setProperty("password", password);
>
>       Connection db=null;
>             try {
>                 Class driver=Class.forName("org.postgresql.Driver");
>       db = DriverManager.getConnection(url, opt);
>       } catch (Exception e) {
>           e.printStackTrace();
>       }
> ------- END ------------
>
> I have imported the server's certificate using the keytool successfully
> , though the exception states that no *trusted* certificate is found. My
> certificate is self-signed. Could it be the problem that the certificate
> is not accepted (i.e i have to create it differently either on the
> server side, or import it differently on the client side) ? Or maybe
> there is a conflict between the PostgreSQL and JDBC3 versions?
>
> Thanks a lot in advance for your help.
>
> Regards,
>
> Angel
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
>               http://www.postgresql.org/docs/faqs/FAQ.html
>