Re: JDBC with SSL

Thanks for the quick reply, but I'm still having some difficulty.

I have been trying to connect to postgresql (redhat version 7.2.3.1) using
JDBC and SSL - I am using the 7.4 development driver.

I know that the server side is set up correctly because when connecting
using psql the connection is established using SSL.

However when connecting via JDBC I receive

PostgreSQL 7.4devel JDBC3 with SSL (build 204)

ssl = true

compatible = 7.4

loglevel = 2

Asking server if it supports ssl

Server response was (S=Yes,N=No): S

server does support ssl

converting regular socket connection to ssl

at org.postgresql.core.PGStream.flush(PGStream.java:364)

at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)

at org.postgresql.Driver.connect(Driver.java:137)

at java.sql.DriverManager.getConnection(DriverManager.java:512)

at java.sql.DriverManager.getConnection(DriverManager.java:140)

at docextractor.test.main(test.java:35)

Exception: An I/O error has occured while flushing the output - Exception:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate

Stack Trace:

javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted certificate

at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)

at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)

at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)

at org.postgresql.core.PGStream.flush(PGStream.java:360)

at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
nection.java:269)

at org.postgresql.Driver.connect(Driver.java:137)

at java.sql.DriverManager.getConnection(DriverManager.java:512)

at java.sql.DriverManager.getConnection(DriverManager.java:140)

at docextractor.test.main(test.java:35)

Caused by: java.security.cert.CertificateException: Couldn't find trusted
certificate

at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)

at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
275)

at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
275)

... 15 more

End of Stack Trace

At the server side I get

Failed to inititalize SSL Connection: sslv3 alert certificate unknown
(Success)

I have not been able to find any clear resolutions to this problem. If
someone can shed some light on a solution to this problem it would be
greatly appreciated.

----- Original Message -----
From: "Barry Lind" <blind(at)xythos(dot)com>
To: "John Laban" <johnl(at)infotn(dot)com>
Cc: <pgsql-jdbc(at)postgresql(dot)org>
Sent: Thursday, March 27, 2003 5:58 PM
Subject: Re: [JDBC] JDBC with SSL

> John,
>
> This hasn't yet made it to the documentation.
>
> but adding ?ssl to the url should be what you need. (also consider
> using &loglevel=2 to turn on debugging info).
>
> --Barry
>
> John Laban wrote:
> > Hello,
> >
> > The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say
they include support for SSL. I can set up the server to use SSL, but I
can't seem to get the JDBC driver to actually connect using SSL. Is there
any documentation on this? Or is there a specific parameter I am supposed
to include in the connection URL?
> >
> > Any help in this would be appreciated.
> >
> > John Laban
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html