Thread: can't access through SSL

can't access through SSL

From
Maz Mohammadi
Date:

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz

Re: can't access through SSL

From
Vitalii Tymchyshyn
Date:
Try jdbc:postgresql://localhost:5432/testdb?ssl=true


2013/2/22 Maz Mohammadi <mmohammadi@pentaho.com>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz




--
Best regards,
 Vitalii Tymchyshyn

Re: can't access through SSL

From
Maz Mohammadi
Date:

Thx,  one step closer.

 

pgsql-jdbc@postgresql.org

 

 

From: Vitalii Tymchyshyn [mailto:tivv00@gmail.com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL

 

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

 

2013/2/22 Maz Mohammadi <mmohammadi@pentaho.com>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz



 

--
Best regards,
 Vitalii Tymchyshyn

Re: can't access through SSL

From
Maz Mohammadi
Date:

Hello,

 

I regenerated some new keys for my postgres server.  I’ve placed them under /var/lib…./coord and shared them with the datanodes as well.

 

After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.

 

LOG:  could not accept SSL connection:  sslv3 alert certificate unkown.

 

I thought I had to use JDBC 3 for this.

 

Any ideas?

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:45 PM
To: pgsql-jdbc@postgresql.org
Subject: RE: [JDBC] can't access through SSL

 

Thx,  one step closer.

 

pgsql-jdbc@postgresql.org

 

 

From: Vitalii Tymchyshyn [mailto:tivv00@gmail.com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL

 

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

 

2013/2/22 Maz Mohammadi <mmohammadi@pentaho.com>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz



 

--
Best regards,
 Vitalii Tymchyshyn

Re: can't access through SSL

From
Maz Mohammadi
Date:

Correction…

 

After double checking the path to java’s keystore file, and correcting it…this is the new error.

FATAL:  connection requires a valid client certificate. 

 

Any idea would be greatly appreciated.

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:51 PM
To: 'pgsql-jdbc@postgresql.org'
Subject: RE: [JDBC] can't access through SSL

 

Hello,

 

I regenerated some new keys for my postgres server.  I’ve placed them under /var/lib…./coord and shared them with the datanodes as well.

 

After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.

 

LOG:  could not accept SSL connection:  sslv3 alert certificate unkown.

 

I thought I had to use JDBC 3 for this.

 

Any ideas?

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:45 PM
To: pgsql-jdbc@postgresql.org
Subject: RE: [JDBC] can't access through SSL

 

Thx,  one step closer.

 

pgsql-jdbc@postgresql.org

 

 

From: Vitalii Tymchyshyn [mailto:tivv00@gmail.com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL

 

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

 

2013/2/22 Maz Mohammadi <mmohammadi@pentaho.com>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz



 

--
Best regards,
 Vitalii Tymchyshyn

Re: can't access through SSL

From
Maz Mohammadi
Date:

I still can’t access my SSL enabled server!!!

 

Is root.crt supposed to be an exact copy of server.crt file which I use in my client’s keystore?

 

I have another observation.  As I start the coordinator node, I don’t see any file access to the server.key or server.crt file?  Aren’t these files supposed to be read at start up time or at least when I try to make a connection from my java application?

 

Everything I try create a datasource on tomcat I get the follow error on client and server’s console…

 

FATAL:  connection requires a valid client certificate. 

 

Am I missing something?

 

-maz

 

From: pgsql-jdbc-owner@postgresql.org [mailto:pgsql-jdbc-owner@postgresql.org] On Behalf Of Maz Mohammadi
Sent: Friday, February 22, 2013 4:33 PM
To: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL

 

Correction…

 

After double checking the path to java’s keystore file, and correcting it…this is the new error.

 

FATAL:  connection requires a valid client certificate. 

 

Any idea would be greatly appreciated.

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:51 PM
To: 'pgsql-jdbc@postgresql.org'
Subject: RE: [JDBC] can't access through SSL

 

Hello,

 

I regenerated some new keys for my postgres server.  I’ve placed them under /var/lib…./coord and shared them with the datanodes as well.

 

After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.

 

LOG:  could not accept SSL connection:  sslv3 alert certificate unkown.

 

I thought I had to use JDBC 3 for this.

 

Any ideas?

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:45 PM
To: pgsql-jdbc@postgresql.org
Subject: RE: [JDBC] can't access through SSL

 

Thx,  one step closer.

 

pgsql-jdbc@postgresql.org

 

 

From: Vitalii Tymchyshyn [mailto:tivv00@gmail.com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL

 

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

 

2013/2/22 Maz Mohammadi <mmohammadi@pentaho.com>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz



 

--
Best regards,
 Vitalii Tymchyshyn

Re: [GENERAL] can't access through SSL

From
Adrian Klaver
Date:
On 02/23/2013 08:05 PM, Maz Mohammadi wrote:
> I still can’t access my SSL enabled server!!!
>
> Is root.crt supposed to be an exact copy of server.crt file which I use
> in my client’s keystore?
>
> I have another observation.  As I start the coordinator node, I don’t
> see any file access to the server.key or server.crt file?  Aren’t these
> files supposed to be read at start up time or at least when I try to
> make a connection from my java application?
>
> Everything I try create a datasource on tomcat I get the follow error on
> client and server’s console…
>
> FATAL:  connection requires a valid client certificate.
>
> Am I missing something?

It would seem that from this thread you are working with Postgres-XC not
Postgres, is that correct?

>
> -maz
>
>

--
Adrian Klaver
adrian.klaver@gmail.com


Re: [GENERAL] can't access through SSL

From
Maz Mohammadi
Date:
Correct!

I'm new postgresql and I need to figure this out for a client.  I installed a bunch packages on my Ubuntu linux and
hereI am.  I've learned a lot.  I have 2 datanodes, coordinator + gtm.   

-maz

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@gmail.com]
Sent: Sunday, February 24, 2013 4:37 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org; pgsql-general@postgresql.org
Subject: Re: [GENERAL] [JDBC] can't access through SSL

On 02/23/2013 08:05 PM, Maz Mohammadi wrote:
> I still can't access my SSL enabled server!!!
>
> Is root.crt supposed to be an exact copy of server.crt file which I
> use in my client's keystore?
>
> I have another observation.  As I start the coordinator node, I don't
> see any file access to the server.key or server.crt file?  Aren't
> these files supposed to be read at start up time or at least when I
> try to make a connection from my java application?
>
> Everything I try create a datasource on tomcat I get the follow error
> on client and server's console...
>
> FATAL:  connection requires a valid client certificate.
>
> Am I missing something?

It would seem that from this thread you are working with Postgres-XC not Postgres, is that correct?

>
> -maz
>
>

--
Adrian Klaver
adrian.klaver@gmail.com


Re: [GENERAL] can't access through SSL

From
Adrian Klaver
Date:
On 02/24/2013 02:35 PM, Maz Mohammadi wrote:
> Correct!
>
> I'm new postgresql and I need to figure this out for a client.  I installed a bunch packages on my Ubuntu linux and
hereI am.  I've learned a lot.  I have 2 datanodes, coordinator + gtm. 

Some general pointers on helping to figure this out:

1) Postgres-XC != Postgres. It shares a code base but adds more moving
parts. Along that line, you will need to be more specific about how you
have setup Postgres-XC and exactly which part is failing? I for one do
not use it, so I am not really sure what datanodes, coordinator and gmt
signify. On a related note XC has its own mailing
list(https://lists.sourceforge.net/lists/listinfo/postgres-xc-general),
it may turn out there are people there that can answer the question sooner.


2) JDBC. It would seem from this thread and the other that covered this
topic that JDBC is not really the issue. To make your life simpler I
would test your setup using psql until you get it running properly, then
pull in JDBC to see if it adds any problems. Also, it is generally
considered not good protocol to cross post the same issue to different
lists.


3) Simple with more detail is better. Create a minimum use case and then
provide maximum detail of how it was set up and run. For instance:

a) What are the versions of the software?
b) Where is the client being run from?
c) Where is the server?
d) How are both setup?
e) What is being done between the client and the server?
f) What do you expect to happen?
g) What is actually happening?
i) The actual error message(s)?

>
> -maz
>


--
Adrian Klaver
adrian.klaver@gmail.com


Re: [GENERAL] can't access through SSL

From
Michael Paquier
Date:


On Mon, Feb 25, 2013 at 10:07 AM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
1) Postgres-XC != Postgres. It shares a code base but adds more moving parts. Along that line, you will need to be more specific about how you have setup Postgres-XC and exactly which part is failing? I for one do not use it, so I am not really sure what datanodes, coordinator and gmt signify. On a related note XC has its own mailing list(https://lists.sourceforge.net/lists/listinfo/postgres-xc-general), it may turn out there are people there that can answer the question sooner.
Adrian is right, pgsql-general is not the place where to discuss about bugs or problems of settings regarding Postgres-XC, so please send your requests to the ML indicated by Adrian so as to allow the developers there (including me, being an active member of the XC community) solving your problem.
 
2) JDBC. It would seem from this thread and the other that covered this topic that JDBC is not really the issue. To make your life simpler I would test your setup using psql until you get it running properly, then pull in JDBC to see if it adds any problems. Also, it is generally considered not good protocol to cross post the same issue to different lists.
I think honestly that the problem is not JDBC itself, but the way the nodes in an XC cluster interact...
 
3) Simple with more detail is better. Create a minimum use case and then provide maximum detail of how it was set up and run. For instance:

a) What are the versions of the software?
b) Where is the client being run from?
c) Where is the server?
d) How are both setup?
e) What is being done between the client and the server?
f) What do you expect to happen?
g) What is actually happening?
i) The actual error message(s)?
Yes, answering those questions on the XC mailing list would be better when you report your problem there.
What is the node type where error happens?
Have you setup the SSL certificates on all the nodes?
Or anything that would help resolving what you see.
Does the error happen when connecting directly to a Datanode?
--
Michael