Thread: can't access through SSL
Hello all,
I’m trying to access a postgres database through a java application (tomcat). This is the only entry I have in pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
hostssl all all 127.0.0.1/32 cert
and put the certificate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….
This is my jdbc URL….
jdbc:postgresql://localhost:5432/testdb&ssl=true
But when I try to create a datasource on tomcat, I get the following error…
“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”
Any help is greatly appreciated.
-maz
Best regards,
Vitalii Tymchyshyn
Thx, one step closer.
From: Vitalii Tymchyshyn [mailto:tivv00@gmail.com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] can't access through SSL
Try jdbc:postgresql://localhost:5432/testdb?ssl=true
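Why the first error names the database "testdb&ssl=true" and reports SSL off: with `&` instead of `?`, the URL has no query part, so `ssl=true` stays glued to the database name and is never read as a parameter. The following is an added example, not code from this thread or from the JDBC driver; the class `JdbcUrlCheck` and its `inspect` method are hypothetical, and `java.net.URI` is used as a stand-in for the driver's own URL parsing.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

public class JdbcUrlCheck {

    /** Splits a jdbc:postgresql URL into its database name and ssl parameter. */
    static Map<String, String> inspect(String jdbcUrl) {
        if (!jdbcUrl.startsWith("jdbc:postgresql://")) {
            throw new IllegalArgumentException("not a jdbc:postgresql URL: " + jdbcUrl);
        }
        // Drop the "jdbc:" prefix so java.net.URI can parse the remainder.
        URI uri = URI.create(jdbcUrl.substring("jdbc:".length()));
        Map<String, String> out = new LinkedHashMap<>();
        String path = uri.getPath() == null ? "" : uri.getPath();
        out.put("database", path.startsWith("/") ? path.substring(1) : path);
        out.put("ssl", "false");
        // Only text after '?' counts as connection parameters.
        String query = uri.getRawQuery();
        if (query != null) {
            for (String pair : query.split("&")) {
                String[] kv = pair.split("=", 2);
                if (kv[0].equals("ssl")) {
                    // Assumption for this sketch: a bare "ssl" means enabled.
                    out.put("ssl", kv.length == 2 ? kv[1] : "true");
                }
            }
        }
        // Parameters attached with '&' end up inside the database name.
        String db = out.get("database");
        if (db.contains("&") || db.contains("=")) {
            out.put("warning", "database name contains '&' or '='; "
                    + "put '?' before the first parameter");
        }
        return out;
    }

    public static void main(String[] args) {
        String[] urls = {
            "jdbc:postgresql://localhost:5432/testdb&ssl=true", // URL from the first post
            "jdbc:postgresql://localhost:5432/testdb?ssl=true"  // URL from the reply
        };
        for (String url : urls) {
            System.out.println(url + " -> " + inspect(url));
        }
    }
}
```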
Hello,
I regenerated some new keys for my postgres server. I’ve placed them under /var/lib…./coord and shared them with the datanodes as well.
After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.
LOG: could not accept SSL connection: sslv3 alert certificate unkown.
I thought I had to use JDBC 3 for this.
Any ideas?
-maz
Correction…
After double checking the path to java’s keystore file, and correcting it…this is the new error.
FATAL: connection requires a valid client certificate.
Any idea would be greatly appreciated.
-maz
I still can’t access my SSL enabled server!!!
Is root.crt supposed to be an exact copy of server.crt file which I use in my client’s keystore?
I have another observation. As I start the coordinator node, I don’t see any file access to the server.key or server.crt file? Aren’t these files supposed to be read at start up time or at least when I try to make a connection from my java application?
Every time I try to create a datasource on tomcat I get the following error on client and server’s console…
FATAL: connection requires a valid client certificate.
Am I missing something?
-maz
On 02/23/2013 08:05 PM, Maz Mohammadi wrote:
> I still can’t access my SSL enabled server!!!
>
> Is root.crt supposed to be an exact copy of server.crt file which I use
> in my client’s keystore?
>
> I have another observation. As I start the coordinator node, I don’t
> see any file access to the server.key or server.crt file? Aren’t these
> files supposed to be read at start up time or at least when I try to
> make a connection from my java application?
>
> Everything I try create a datasource on tomcat I get the follow error on
> client and server’s console…
>
> FATAL: connection requires a valid client certificate.
>
> Am I missing something?

It would seem that from this thread you are working with Postgres-XC not Postgres, is that correct?

>
> -maz
>

--
Adrian Klaver
adrian.klaver@gmail.com
Correct!

I'm new postgresql and I need to figure this out for a client. I installed a bunch packages on my Ubuntu linux and here I am. I've learned a lot. I have 2 datanodes, coordinator + gtm.

-maz

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@gmail.com]
Sent: Sunday, February 24, 2013 4:37 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@postgresql.org; pgsql-general@postgresql.org
Subject: Re: [GENERAL] [JDBC] can't access through SSL

On 02/23/2013 08:05 PM, Maz Mohammadi wrote:
> I still can't access my SSL enabled server!!!
>
> Is root.crt supposed to be an exact copy of server.crt file which I
> use in my client's keystore?
>
> I have another observation. As I start the coordinator node, I don't
> see any file access to the server.key or server.crt file? Aren't
> these files supposed to be read at start up time or at least when I
> try to make a connection from my java application?
>
> Everything I try create a datasource on tomcat I get the follow error
> on client and server's console...
>
> FATAL: connection requires a valid client certificate.
>
> Am I missing something?

It would seem that from this thread you are working with Postgres-XC not Postgres, is that correct?

>
> -maz
>

--
Adrian Klaver
adrian.klaver@gmail.com
On 02/24/2013 02:35 PM, Maz Mohammadi wrote:
> Correct!
>
> I'm new postgresql and I need to figure this out for a client. I installed a bunch packages on my Ubuntu linux and here I am. I've learned a lot. I have 2 datanodes, coordinator + gtm.

Some general pointers on helping to figure this out:

1) Postgres-XC != Postgres. It shares a code base but adds more moving parts. Along that line, you will need to be more specific about how you have setup Postgres-XC and exactly which part is failing? I for one do not use it, so I am not really sure what datanodes, coordinator and gmt signify. On a related note XC has its own mailing list (https://lists.sourceforge.net/lists/listinfo/postgres-xc-general), it may turn out there are people there that can answer the question sooner.

2) JDBC. It would seem from this thread and the other that covered this topic that JDBC is not really the issue. To make your life simpler I would test your setup using psql until you get it running properly, then pull in JDBC to see if it adds any problems. Also, it is generally considered not good protocol to cross post the same issue to different lists.

3) Simple with more detail is better. Create a minimum use case and then provide maximum detail of how it was set up and run. For instance:
a) What are the versions of the software?
b) Where is the client being run from?
c) Where is the server?
d) How are both setup?
e) What is being done between the client and the server?
f) What do you expect to happen?
g) What is actually happening?
i) The actual error message(s)?

>
> -maz
>

--
Adrian Klaver
adrian.klaver@gmail.com
> 1) Postgres-XC != Postgres. It shares a code base but adds more moving parts. Along that line, you will need to be more specific about how you have setup Postgres-XC and exactly which part is failing? I for one do not use it, so I am not really sure what datanodes, coordinator and gmt signify. On a related note XC has its own mailing list (https://lists.sourceforge.net/lists/listinfo/postgres-xc-general), it may turn out there are people there that can answer the question sooner.
> 2) JDBC. It would seem from this thread and the other that covered this topic that JDBC is not really the issue. To make your life simpler I would test your setup using psql until you get it running properly, then pull in JDBC to see if it adds any problems. Also, it is generally considered not good protocol to cross post the same issue to different lists.
> 3) Simple with more detail is better. Create a minimum use case and then provide maximum detail of how it was set up and run. For instance:
Yes, answering those questions on the XC mailing list would be better when you report your problem there.
> a) What are the versions of the software?
> b) Where is the client being run from?
> c) Where is the server?
> d) How are both setup?
> e) What is being done between the client and the server?
> f) What do you expect to happen?
> g) What is actually happening?
> i) The actual error message(s)?
What is the node type where error happens?
Have you setup the SSL certificates on all the nodes?
Or anything that would help resolving what you see.
Does the error happen when connecting directly to a Datanode?
Michael