Thread: SSL connection failure
The server I am connecting to is Redhat with postgres 8.2, running with ssl enabled. The client I am connecting from is Windows 2003 with ColdFusion 8 Enterprise (runs on a Java engine). I set up all the certificates and can connect securely on my desktop with pgAdmin3. I copied the same root.crt to the above Windows box, and installed it in the keystore using the following:
E:\JRun4\jre\bin>keytool -importcert -alias dca –file E:\Jrun4\jre\lib\security\root.crt -keystore E:\Jrun4\jre\lib\security\cacerts
After restarting java services, I retest the datasource connection (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message “org.postgresql.util.PSQLException: The connection attempt failed.” with no details in any logs to provide details. The connection works without ssl fine.
I’m at a loss for where the handshake failure is occurring. Please note that this is the closest to working with java I’ve ever done.
David Patricola | Senior Cold Fusion Developer | Web Applications & Services | Jefferson Information Technologies
Thomas Jefferson Universtiy | Philadelphia, PA | 215.503.1715 (Office)
On Wed, Mar 30, 2011 at 11:27 AM, David Patricola <david.patricola@jefferson.edu> wrote: > The server I am connecting to is Redhat with postgres 8.2, running with ssl > enabled. The client I am connecting from is Windows 2003 with ColdFusion 8 > Enterprise (runs on a Java engine). I set up all the certificates and can > connect securely on my desktop with pgAdmin3. I copied the same root.crt to > the above Windows box, and installed it in the keystore using the following: > > > > E:\JRun4\jre\bin>keytool -importcert -alias dca –file > E:\Jrun4\jre\lib\security\root.crt -keystore > E:\Jrun4\jre\lib\security\cacerts > > > > After restarting java services, I retest the datasource connection > (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message > “org.postgresql.util.PSQLException: The connection attempt failed.” with no > details in any logs to provide details. The connection works without ssl > fine. > > > > I’m at a loss for where the handshake failure is occurring. Please note > that this is the closest to working with java I’ve ever done. > > > > David Patricola | Senior Cold Fusion Developer | Web Applications & Services > | Jefferson Information Technologies > > > > Thomas Jefferson Universtiy | Philadelphia, PA | 215.503.1715 (Office) David, There are no server logs either ? Dave Cramer dave.cramer(at)credativ(dot)ca http://www.credativ.ca > >
> After restarting java services, I retest the datasource connection > (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message > “org.postgresql.util.PSQLException: The connection attempt failed.” with no > details in any logs to provide details. The connection works without ssl > fine. In addition to Dave's suggetion, have you configured driver-level logging to check what's going on there? See loglevel connection parameter and DriverManager.setLogWriter(). --- Maciek Sakrejda | System Architect | Truviso 1065 E. Hillsdale Blvd., Suite 215 Foster City, CA 94404 (650) 242-3500 Main www.truviso.com
Dave, the error logs only show the same error message as displayed on the browser. -----Original Message----- From: pgsql-jdbc-owner@postgresql.org [mailto:pgsql-jdbc-owner@postgresql.org] On Behalf Of Dave Cramer Sent: Wednesday, March 30, 2011 4:50 PM To: David Patricola Cc: pgsql-jdbc@postgresql.org Subject: Re: [JDBC] SSL connection failure On Wed, Mar 30, 2011 at 11:27 AM, David Patricola <david.patricola@jefferson.edu> wrote: > The server I am connecting to is Redhat with postgres 8.2, running with ssl > enabled. The client I am connecting from is Windows 2003 with ColdFusion 8 > Enterprise (runs on a Java engine). I set up all the certificates and can > connect securely on my desktop with pgAdmin3. I copied the same root.crt to > the above Windows box, and installed it in the keystore using the following: > > > > E:\JRun4\jre\bin>keytool -importcert -alias dca file > E:\Jrun4\jre\lib\security\root.crt -keystore > E:\Jrun4\jre\lib\security\cacerts > > > > After restarting java services, I retest the datasource connection > (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message > org.postgresql.util.PSQLException: The connection attempt failed. with no > details in any logs to provide details. The connection works without ssl > fine. > > > > Im at a loss for where the handshake failure is occurring. Please note > that this is the closest to working with java Ive ever done. > > > > David Patricola | Senior Cold Fusion Developer | Web Applications & Services > | Jefferson Information Technologies > > > > Thomas Jefferson Universtiy | Philadelphia, PA | 215.503.1715 (Office) David, There are no server logs either ? Dave Cramer dave.cramer(at)credativ(dot)ca http://www.credativ.ca > > -- Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-jdbc
I don't know how to do that? I have never coded Java so I wouldn't even know where to start or how to re-compile it. I only control the logging via CF's administrator interface. The closest I see to anything involving SSL is in a server.log file, but I highly doubt it has any effect on what I'm doing. "Information","scheduler-11","03/30/11","15:16:28",,"Installed JSafe JCE provider: Version 3.6 RSA Security Inc. Crypto-J JCE Security Provider (implements RSA, DSA, Diffie-Hellman, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512)" -----Original Message----- From: Maciek Sakrejda [mailto:msakrejda@truviso.com] Sent: Wednesday, March 30, 2011 4:55 PM To: David Patricola Cc: pgsql-jdbc@postgresql.org Subject: Re: [JDBC] SSL connection failure > After restarting java services, I retest the datasource connection > (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message > "org.postgresql.util.PSQLException: The connection attempt failed." with no > details in any logs to provide details. The connection works without ssl > fine. In addition to Dave's suggetion, have you configured driver-level logging to check what's going on there? See loglevel connection parameter and DriverManager.setLogWriter(). --- Maciek Sakrejda | System Architect | Truviso 1065 E. Hillsdale Blvd., Suite 215 Foster City, CA 94404 (650) 242-3500 Main www.truviso.com
I got a much better error message finally! ColdFusion's debug output
provided me with a much better message. The lines that say "unable to find
valid certification path to requested target" are the biggest help, but I'm
importing server.crt into the default cacerts file under
E:\Jrun4\jre\lib\security, so is there some configuration I'm missing?
===========================================================================
org.postgresql.util.PSQLException: The connection attempt failed.
at
org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa
ctoryImpl.java:136)
at
org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:
65)
at
org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.
java:116)
at
org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.
java:30)
at
org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:369)
at org.postgresql.Driver.connect(Driver.java:245)
at
coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.j
ava:589)
at
coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(Conn
ectionRunner.java:67)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:975)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake
r.java:123)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884
)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket
Impl.java:1096)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62
3)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.postgresql.core.PGStream.flush(PGStream.java:532)
at
org.postgresql.core.v3.ConnectionFactoryImpl.sendStartupPacket(ConnectionFac
toryImpl.java:243)
at
org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa
ctoryImpl.java:91)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerI
mpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:954)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui
lder.java:174)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 27 more
-----Original Message-----
From: Maciek Sakrejda [mailto:msakrejda@truviso.com]
Sent: Wednesday, March 30, 2011 4:55 PM
To: David Patricola
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] SSL connection failure
> After restarting java services, I retest the datasource connection
> (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message
> "org.postgresql.util.PSQLException: The connection attempt failed." with
no
> details in any logs to provide details. The connection works without ssl
> fine.
In addition to Dave's suggetion, have you configured driver-level
logging to check what's going on there? See loglevel connection
parameter and DriverManager.setLogWriter().
---
Maciek Sakrejda | System Architect | Truviso
1065 E. Hillsdale Blvd., Suite 215
Foster City, CA 94404
(650) 242-3500 Main
www.truviso.com
On Thu, 31 Mar 2011 11:36:34 -0400, David Patricola wrote: > I got a much better error message finally! ColdFusion's debug output > provided me with a much better message. The lines that say "unable > to find > valid certification path to requested target" are the biggest help, > but I'm > importing server.crt into the default cacerts file under > E:\Jrun4\jre\lib\security, so is there some configuration I'm > missing? > > > > =========================================================================== > org.postgresql.util.PSQLException: The connection attempt failed. > at > > org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa > ctoryImpl.java:136) > at > > org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java: > 65) > at > > org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection. > java:116) > at > > org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection. > java:30) > at > org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24) > at org.postgresql.Driver.makeConnection(Driver.java:369) > at org.postgresql.Driver.connect(Driver.java:245) > at > > coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.j > ava:589) > at > > coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(Conn > ectionRunner.java:67) > at java.lang.Thread.run(Thread.java:619) > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh > aker.java:975) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake > r.java:123) > at > > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) > at > > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884 > ) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket > Impl.java:1096) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62 > 3) > at > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) > at > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) > at org.postgresql.core.PGStream.flush(PGStream.java:532) > at > > org.postgresql.core.v3.ConnectionFactoryImpl.sendStartupPacket(ConnectionFac > toryImpl.java:243) > at > > org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa > ctoryImpl.java:91) > ... 9 more > Caused by: sun.security.validator.ValidatorException: PKIX path > building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable > to find valid certification path to requested target > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) > at > > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) > at sun.security.validator.Validator.validate(Validator.java:218) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerI > mpl.java:126) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru > stManagerImpl.java:209) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru > stManagerImpl.java:249) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh > aker.java:954) > ... 21 more > Caused by: > sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui > lder.java:174) > at > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) > ... 27 more > > -----Original Message----- > From: Maciek Sakrejda [mailto:msakrejda@truviso.com] > Sent: Wednesday, March 30, 2011 4:55 PM > To: David Patricola > Cc: pgsql-jdbc@postgresql.org > Subject: Re: [JDBC] SSL connection failure > >> After restarting java services, I retest the datasource connection >> (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message >> "org.postgresql.util.PSQLException: The connection attempt failed." >> with > no >> details in any logs to provide details. The connection works >> without ssl >> fine. > > In addition to Dave's suggetion, have you configured driver-level > logging to check what's going on there? See loglevel connection > parameter and DriverManager.setLogWriter(). > > --- > Maciek Sakrejda | System Architect | Truviso > > 1065 E. Hillsdale Blvd., Suite 215 > Foster City, CA 94404 > (650) 242-3500 Main > www.truviso.com Hi, I think it's not PG JDBC driver problem, I found such URL parameter that may help sslfactory=org.postgresql.ssl.NonValidatingFactory (if it doesn't changed), but in addition I would like to give You some other hints: 1. If You run driver in server environment then system keystore may not be enough. Actually, common servers like Tomcat, or Glassfish provides its own keystore and castore located somewhere in server directory, much more this store may not be standard, desktop JKS keystore, but NSS keystore, and importing certs there requires other tools. 2. You need to put certificate as trusted, and/or if certificate has parent(s), then all those should be trusted, too. 3. Sometimes You need to provide keystore/truststore password by adding -D system property to JVM launch path, not all servers gives ability to open keystore by using SSL sockets. Regards, Radosław Smogura http://softperience.eu
Actually, I just had to add in server.crt into the default keystore. My problem was the IP address I had in the certificate didn't match the hostname of the calling server. Changing the IP to the hostname did the trick. -----Original Message----- From: pgsql-jdbc-owner@postgresql.org [mailto:pgsql-jdbc-owner@postgresql.org] On Behalf Of rsmogura Sent: Monday, April 04, 2011 6:19 AM To: David Patricola Cc: 'Maciek Sakrejda'; pgsql-jdbc@postgresql.org Subject: Re: [JDBC] SSL connection failure On Thu, 31 Mar 2011 11:36:34 -0400, David Patricola wrote: > I got a much better error message finally! ColdFusion's debug output > provided me with a much better message. The lines that say "unable > to find > valid certification path to requested target" are the biggest help, > but I'm > importing server.crt into the default cacerts file under > E:\Jrun4\jre\lib\security, so is there some configuration I'm > missing? > > > > =========================================================================== > org.postgresql.util.PSQLException: The connection attempt failed. > at > > org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa > ctoryImpl.java:136) > at > > org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java: > 65) > at > > org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection. > java:116) > at > > org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection. > java:30) > at > org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24) > at org.postgresql.Driver.makeConnection(Driver.java:369) > at org.postgresql.Driver.connect(Driver.java:245) > at > > coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.j > ava:589) > at > > coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(Conn > ectionRunner.java:67) > at java.lang.Thread.run(Thread.java:619) > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh > aker.java:975) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake > r.java:123) > at > > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) > at > > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884 > ) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket > Impl.java:1096) > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62 > 3) > at > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) > at > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) > at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) > at org.postgresql.core.PGStream.flush(PGStream.java:532) > at > > org.postgresql.core.v3.ConnectionFactoryImpl.sendStartupPacket(ConnectionFac > toryImpl.java:243) > at > > org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa > ctoryImpl.java:91) > ... 9 more > Caused by: sun.security.validator.ValidatorException: PKIX path > building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable > to find valid certification path to requested target > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) > at > > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) > at sun.security.validator.Validator.validate(Validator.java:218) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerI > mpl.java:126) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru > stManagerImpl.java:209) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru > stManagerImpl.java:249) > at > > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh > aker.java:954) > ... 21 more > Caused by: > sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui > lder.java:174) > at > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) > ... 27 more > > -----Original Message----- > From: Maciek Sakrejda [mailto:msakrejda@truviso.com] > Sent: Wednesday, March 30, 2011 4:55 PM > To: David Patricola > Cc: pgsql-jdbc@postgresql.org > Subject: Re: [JDBC] SSL connection failure > >> After restarting java services, I retest the datasource connection >> (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message >> "org.postgresql.util.PSQLException: The connection attempt failed." >> with > no >> details in any logs to provide details. The connection works >> without ssl >> fine. > > In addition to Dave's suggetion, have you configured driver-level > logging to check what's going on there? See loglevel connection > parameter and DriverManager.setLogWriter(). > > --- > Maciek Sakrejda | System Architect | Truviso > > 1065 E. Hillsdale Blvd., Suite 215 > Foster City, CA 94404 > (650) 242-3500 Main > www.truviso.com Hi, I think it's not PG JDBC driver problem, I found such URL parameter that may help sslfactory=org.postgresql.ssl.NonValidatingFactory (if it doesn't changed), but in addition I would like to give You some other hints: 1. If You run driver in server environment then system keystore may not be enough. Actually, common servers like Tomcat, or Glassfish provides its own keystore and castore located somewhere in server directory, much more this store may not be standard, desktop JKS keystore, but NSS keystore, and importing certs there requires other tools. 2. You need to put certificate as trusted, and/or if certificate has parent(s), then all those should be trusted, too. 3. Sometimes You need to provide keystore/truststore password by adding -D system property to JVM launch path, not all servers gives ability to open keystore by using SSL sockets. Regards, Radoslaw Smogura http://softperience.eu -- Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-jdbc