Thread: Have some problem about the SSL connection by JDBC
I have some big problem. I install these packages in Redhat Enterprise ES3. postgresql-7.4.1-1PGDG.i386.rpm postgresql-jdbc-7.4.1-1PGDG.i386.rpm postgresql-libs-7.4.1-1PGDG.i386.rpm postgresql-server-7.4.1-1PGDG.i386.rpm When I use the ssl connection by JDBC,I have some problem. --------------my program---------------- try{ String DBDriver="org.postgresql.Driver"; Class.forName(DBDriver); String DBUrl = "jdbc:postgresql://myserver:50813/mydbname?ssl"; String strUser = "user"; String strPassword = "user"; Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword); ... .... conn.close(); }catch(Exception e){ out.println(e.getMessage()); } -------------------Error------------------------- An I/O error has occured while flushing the output - Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found Stack Trace: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) ..... ----------------server log--------------- could not initialize SSL connection: sslv3 alert certificate unknown When I use pgdev.301.jdbc3.jar download from http://jdbc.postgresql.org/download.html I get the same error. Can anybody help me?
zhang-x@cnt.mxy.nes.nec.co.jp wrote: > An I/O error has occured while flushing the output - Exception: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found You need to import the server certificate into the client's keystore. See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for details. -O
You need to import the certificate of the server into your default cert store on the client for a valid ssl handshake to take place. --Barry zhang-x@cnt.mxy.nes.nec.co.jp wrote: > I have some big problem. > I install these packages in Redhat Enterprise ES3. > postgresql-7.4.1-1PGDG.i386.rpm > postgresql-jdbc-7.4.1-1PGDG.i386.rpm > postgresql-libs-7.4.1-1PGDG.i386.rpm > postgresql-server-7.4.1-1PGDG.i386.rpm > > When I use the ssl connection by JDBC,I have some problem. > --------------my program---------------- > try{ > String DBDriver="org.postgresql.Driver"; > Class.forName(DBDriver); > String DBUrl = "jdbc:postgresql://myserver:50813/mydbname?ssl"; > String strUser = "user"; > String strPassword = "user"; > Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword); > ... .... > conn.close(); > }catch(Exception e){ > out.println(e.getMessage()); > } > -------------------Error------------------------- > An I/O error has occured while flushing the output - Exception: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found > Stack Trace: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) ..... > ----------------server log--------------- > could not initialize SSL connection: sslv3 alert certificate unknown > When I use pgdev.301.jdbc3.jar download from > http://jdbc.postgresql.org/download.html I get the same error. > Can anybody help me? > > > ---------------------------(end of broadcast)--------------------------- > TIP 7: don't forget to increase your free space map settings
I have done all in that page ,but I still get the error. I use j2sdk-1.4.2_04. > > An I/O error has occured while flushing the output - Exception: > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: No trusted certificate found > > You need to import the server certificate into the client's keystore. > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > details. > > -O > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster
Thanks for your help I have resolve my problem. Thanks. ----- Original Message ----- From: "Oliver Jowett" <oliver@opencloud.com> To: <zhang-x@cnt.mxy.nes.nec.co.jp> Cc: <pgsql-jdbc@postgresql.org> Sent: Wednesday, April 07, 2004 8:17 AM Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > > An I/O error has occured while flushing the output - Exception: > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: No trusted certificate found > > You need to import the server certificate into the client's keystore. > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > details. > > -O > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster
Can you share the solution with the list? Dave On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote: > Thanks for your help I have resolve my problem. > Thanks. > ----- Original Message ----- > From: "Oliver Jowett" <oliver@opencloud.com> > To: <zhang-x@cnt.mxy.nes.nec.co.jp> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Wednesday, April 07, 2004 8:17 AM > Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > > > > zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > > > > An I/O error has occured while flushing the output - Exception: > > > javax.net.ssl.SSLHandshakeException: > > > sun.security.validator.ValidatorException: No trusted certificate found > > > > You need to import the server certificate into the client's keystore. > > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > > details. > > > > -O > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 4: Don't 'kill -9' the postmaster > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > -- Dave Cramer 519 939 0336 ICQ # 14675561
to Dave http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php this is useful. After I read it. I just import the server certificate into the client's keystore. (^-^) I do it with this command: # keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -alias [any name for the cert you like (i.e. postgres)] -import -file server.crt.der And then it works. By the way you should use JDBC Driver after 7.4. ----- Original Message ----- From: "Dave Cramer" <pg@fastcrypt.com> To: <zhang-x@cnt.mxy.nes.nec.co.jp> Cc: "Oliver Jowett" <oliver@opencloud.com>; <pgsql-jdbc@postgresql.org> Sent: Wednesday, April 07, 2004 9:47 PM Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > Can you share the solution with the list? > > Dave > On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > Thanks for your help I have resolve my problem. > > Thanks. > > ----- Original Message ----- > > From: "Oliver Jowett" <oliver@opencloud.com> > > To: <zhang-x@cnt.mxy.nes.nec.co.jp> > > Cc: <pgsql-jdbc@postgresql.org> > > Sent: Wednesday, April 07, 2004 8:17 AM > > Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > > > > > > > zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > > > > > > An I/O error has occured while flushing the output - Exception: > > > > javax.net.ssl.SSLHandshakeException: > > > > sun.security.validator.ValidatorException: No trusted certificate found > > > > > > You need to import the server certificate into the client's keystore. > > > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > > > details. > > > > > > -O > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 4: Don't 'kill -9' the postmaster > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 2: you can get off all lists at once with the unregister command > > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > > > -- > Dave Cramer > 519 939 0336 > ICQ # 14675561 > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/docs/faqs/FAQ.html