Thread: pgjdbc is not working with PKCS8 certificates with password

On 2/7/24 06:42, just madhu wrote:
> On further investigation,
> /With certificate generated as below. JDBC connection is successful./
> openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out 
> client.pk8  -passout pass:foobar / -v1 PBE-MD5-DES
> 
> But a connection from pgAdmin (connection failed: 
> \SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql: 
> error: could not load private key file "client_pass_PBE.pk8": 
> unsupported) is failing
> 
> Is there a common way in which certificate with passwords can be 
> created  for both libpq and jdbc ?


You may want to check with the pgjdbc project on github rather than (or 
in addition to?) here; see:

   https://github.com/pgjdbc/pgjdbc/issues

Joe

> On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu@gmail.com 
> <mailto:justvmadhu@gmail.com>> wrote:
> 
>     Hi ,
> 
>     postgresql-42.7.1.jar
> 
>     Trying to use establish a connection using PKCS8 certificate created
>     with password.
> 
>     /openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
>     client.pk8  -passout pass:foobar
>     /
> 
>     I set the properties as below:
>     /.../
>     /sslProperties.setProperty("sslkey", "client.pk8");
>     sslProperties.setProperty("sslpassword","foobar");/
>     /.../
>     /Connection connection = DriverManager.getConnection(jdbcUrl,
>     sslProperties);
>     /
>     /..../
>     /This is failing with the error:/
>     /org.postgresql.util.PSQLException: SSL error: Connection reset
>     at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)
>     at
>     org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
>     at
>     org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
>     /
>     /.../
> 
>     Regards,
>     Madhu
> 

-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com

On 2/7/24 06:42, just madhu wrote:
> On further investigation,
> /With certificate generated as below. JDBC connection is successful./
> openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out 
> client.pk8  -passout pass:foobar / -v1 PBE-MD5-DES
> 
> But a connection from pgAdmin (connection failed: 
> \SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql: 
> error: could not load private key file "client_pass_PBE.pk8": 
> unsupported) is failing
> 
> Is there a common way in which certificate with passwords can be 
> created  for both libpq and jdbc ?


You may want to check with the pgjdbc project on github rather than (or 
in addition to?) here; see:

   https://github.com/pgjdbc/pgjdbc/issues

Joe

> On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu@gmail.com 
> <mailto:justvmadhu@gmail.com>> wrote:
> 
>     Hi ,
> 
>     postgresql-42.7.1.jar
> 
>     Trying to use establish a connection using PKCS8 certificate created
>     with password.
> 
>     /openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
>     client.pk8  -passout pass:foobar
>     /
> 
>     I set the properties as below:
>     /.../
>     /sslProperties.setProperty("sslkey", "client.pk8");
>     sslProperties.setProperty("sslpassword","foobar");/
>     /.../
>     /Connection connection = DriverManager.getConnection(jdbcUrl,
>     sslProperties);
>     /
>     /..../
>     /This is failing with the error:/
>     /org.postgresql.util.PSQLException: SSL error: Connection reset
>     at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)
>     at
>     org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
>     at
>     org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
>     /
>     /.../
> 
>     Regards,
>     Madhu
> 

-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com