Thread: Have some problem about the SSL connection by JDBC

Have some problem about the SSL connection by JDBC

From
Date:
I have some big problem.
I install these packages in Redhat Enterprise ES3.
postgresql-7.4.1-1PGDG.i386.rpm
postgresql-jdbc-7.4.1-1PGDG.i386.rpm
postgresql-libs-7.4.1-1PGDG.i386.rpm
postgresql-server-7.4.1-1PGDG.i386.rpm

When I use the ssl connection by JDBC,I have some problem.
--------------my program----------------
try{
  String DBDriver="org.postgresql.Driver";
  Class.forName(DBDriver);
  String DBUrl   = "jdbc:postgresql://myserver:50813/mydbname?ssl";
  String strUser = "user";
  String strPassword = "user";
  Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword);
... ....
  conn.close();
 }catch(Exception e){
  out.println(e.getMessage());
 }
-------------------Error-------------------------
An I/O error has occured while flushing the output - Exception:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
Stack Trace:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
 at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) .....
----------------server log---------------
could not initialize SSL connection: sslv3 alert certificate unknown
When I use pgdev.301.jdbc3.jar download from
http://jdbc.postgresql.org/download.html I get the same error.
Can anybody help me?


Re: Have some problem about the SSL connection by JDBC

From
Oliver Jowett
Date:
zhang-x@cnt.mxy.nes.nec.co.jp wrote:

> An I/O error has occured while flushing the output - Exception:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found

You need to import the server certificate into the client's keystore.
See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
details.

-O

Re: Have some problem about the SSL connection by JDBC

From
Barry Lind
Date:
You need to import the certificate of the server into your default cert
store on the client for a valid ssl handshake to take place.

--Barry


zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> I have some big problem.
> I install these packages in Redhat Enterprise ES3.
> postgresql-7.4.1-1PGDG.i386.rpm
> postgresql-jdbc-7.4.1-1PGDG.i386.rpm
> postgresql-libs-7.4.1-1PGDG.i386.rpm
> postgresql-server-7.4.1-1PGDG.i386.rpm
>
> When I use the ssl connection by JDBC,I have some problem.
> --------------my program----------------
> try{
>   String DBDriver="org.postgresql.Driver";
>   Class.forName(DBDriver);
>   String DBUrl   = "jdbc:postgresql://myserver:50813/mydbname?ssl";
>   String strUser = "user";
>   String strPassword = "user";
>   Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword);
> ... ....
>   conn.close();
>  }catch(Exception e){
>   out.println(e.getMessage());
>  }
> -------------------Error-------------------------
> An I/O error has occured while flushing the output - Exception:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
> Stack Trace:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
>  at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) .....
> ----------------server log---------------
> could not initialize SSL connection: sslv3 alert certificate unknown
> When I use pgdev.301.jdbc3.jar download from
> http://jdbc.postgresql.org/download.html I get the same error.
> Can anybody help me?
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings



Re: Have some problem about the SSL connection by JDBC

From
Date:
I have done all in that page ,but I still get the error.
I use j2sdk-1.4.2_04.

> > An I/O error has occured while flushing the output - Exception:
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: No trusted certificate found
>
> You need to import the server certificate into the client's keystore.
> See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
> details.
>
> -O
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

Re: Have some problem about the SSL connection by JDBC

From
Date:
Thanks for your help I have resolve my problem.
Thanks.
----- Original Message -----
From: "Oliver Jowett" <oliver@opencloud.com>
To: <zhang-x@cnt.mxy.nes.nec.co.jp>
Cc: <pgsql-jdbc@postgresql.org>
Sent: Wednesday, April 07, 2004 8:17 AM
Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC


> zhang-x@cnt.mxy.nes.nec.co.jp wrote:
>
> > An I/O error has occured while flushing the output - Exception:
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: No trusted certificate found
>
> You need to import the server certificate into the client's keystore.
> See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
> details.
>
> -O
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

Re: Have some problem about the SSL connection by JDBC

From
Dave Cramer
Date:
Can you share the solution with the list?

Dave
On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> Thanks for your help I have resolve my problem.
> Thanks.
> ----- Original Message -----
> From: "Oliver Jowett" <oliver@opencloud.com>
> To: <zhang-x@cnt.mxy.nes.nec.co.jp>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Wednesday, April 07, 2004 8:17 AM
> Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC
>
>
> > zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> >
> > > An I/O error has occured while flushing the output - Exception:
> > > javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: No trusted certificate found
> >
> > You need to import the server certificate into the client's keystore.
> > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
> > details.
> >
> > -O
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 4: Don't 'kill -9' the postmaster
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>
--
Dave Cramer
519 939 0336
ICQ # 14675561


Re: Have some problem about the SSL connection by JDBC

From
Date:
to Dave
    http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php this is
useful.
    After I read it.
    I just import the server certificate into the client's keystore. (^-^)
    I do it with this command:
# keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -alias [any name for
the cert you like (i.e. postgres)] -import -file server.crt.der
And then it works.
    By the way you should use JDBC Driver after 7.4.

----- Original Message -----
From: "Dave Cramer" <pg@fastcrypt.com>
To: <zhang-x@cnt.mxy.nes.nec.co.jp>
Cc: "Oliver Jowett" <oliver@opencloud.com>; <pgsql-jdbc@postgresql.org>
Sent: Wednesday, April 07, 2004 9:47 PM
Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC


> Can you share the solution with the list?
>
> Dave
> On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> > Thanks for your help I have resolve my problem.
> > Thanks.
> > ----- Original Message -----
> > From: "Oliver Jowett" <oliver@opencloud.com>
> > To: <zhang-x@cnt.mxy.nes.nec.co.jp>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Wednesday, April 07, 2004 8:17 AM
> > Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC
> >
> >
> > > zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> > >
> > > > An I/O error has occured while flushing the output - Exception:
> > > > javax.net.ssl.SSLHandshakeException:
> > > > sun.security.validator.ValidatorException: No trusted certificate
found
> > >
> > > You need to import the server certificate into the client's keystore.
> > > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
> > > details.
> > >
> > > -O
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 2: you can get off all lists at once with the unregister command
> >     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> >
> --
> Dave Cramer
> 519 939 0336
> ICQ # 14675561
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faqs/FAQ.html