ok the problem is here, the output is the following
...
trustStore is: C:\java\j2sdk1.4.2_03\jre\lib\security\cacerts
...
but now I undestand that I don't undestand nothing about the certificates.
This is the CLIENT PATH i.e the path of the machine where my java (client)
application run on. I always operated on the server, never on the client!
So, if I want a SSL connection between postgres and another PC I have to
create the certificate and execute
keytool -keystore /usr/local/j2sdk1.4.2_04/jre/lib/security/cacerts -alias
postgres -import -file server.crt.der
on the CLIENT? Or not?
Thanks
>
> ----- Original Message -----
> From: "Kris Jurka" <books@ejurka.com>
> To: "Stefano Bonnin" <stefano.bonnin@comai.to>
> Cc: <pgsql-jdbc@postgresql.org>
> Sent: Thursday, July 15, 2004 8:18 PM
> Subject: Re: [JDBC] SSL Problem
>
>
> >
> >
> > On Thu, 15 Jul 2004, Stefano Bonnin wrote:
> >
> > > 2004-07-15 14:03:40 LOG: could not load root certificate file
> > > "/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such
> file
> > > or directory
> > > DETAIL: Will not verify client certificates.
> >
> > This is fine. You do not need a root.crt file. This is used to
> > authenticate clients to the server which is optional and not necessary
to
> > establish a SSL connection.
> >
> > Again the problem seems to be that you have not made the server cert
> > available to the connecting jvm. Adding -Djavax.net.debug=ssl to your
> > java command will produce a lot of debug information, but will likely
> > confirm this. The key line will be in the first part of the output
where
> > it displays which trustStore you are using. The server cert must be in
> > this file.
> >
> > Kris Jurka
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 5: Have you checked our extensive FAQ?
> >
> > http://www.postgresql.org/docs/faqs/FAQ.html
> >
>