Re: JDBC with SSL

From: "John Laban" <johnl(at)infotn(dot)com>
To: "Barry Lind" <blind(at)xythos(dot)com>
Cc: <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: JDBC with SSL
Date: 2003-03-28 17:06:11
Message-ID: 007401c2f54c$555fda60$5ac8a8c0@infotn9
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

Hello again,

I have made numerous attempts to import the certificate from the server to
the client machine using java keytool with no success - the keytool
complains that the file is not a valid X.509 format.

Additionally, for my application, only the encryption of the channel is
important so if it is possible to create an ssl connection without the
authentication portion that would be the best solution.

However I would still appreciate any information on how to import the
certificate (as generated using the Postgresql documention) into the java
certificate store.

----- Original Message -----
From: "Barry Lind" <blind(at)xythos(dot)com>
To: "John Laban" <johnl(at)infotn(dot)com>
Cc: <pgsql-jdbc(at)postgresql(dot)org>
Sent: Friday, March 28, 2003 11:11 AM
Subject: Re: [JDBC] JDBC with SSL

> John,
>
> The error message indicates that your client doesn't trust the servers
> certificate. My guess is that you are using a self-signed certificate
> on the server. If you want to be able to connect you are going to need
> to import that certificate into the client side java certificate store
> so that it recognizes the self-signed certificate as valid and trusted.
>
> thanks,
> --Barry
>
>
> John Laban wrote:
> > Thanks for the quick reply, but I'm still having some difficulty.
> >
> > I have been trying to connect to postgresql (redhat version 7.2.3.1)
using
> > JDBC and SSL - I am using the 7.4 development driver.
> >
> > I know that the server side is set up correctly because when connecting
> > using psql the connection is established using SSL.
> >
> >
> > However when connecting via JDBC I receive
> >
> >
> >
> >
> > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> >
> > ssl = true
> >
> > compatible = 7.4
> >
> > loglevel = 2
> >
> > Asking server if it supports ssl
> >
> > Server response was (S=Yes,N=No): S
> >
> > server does support ssl
> >
> > converting regular socket connection to ssl
> >
> >
> >
> > at org.postgresql.core.PGStream.flush(PGStream.java:364)
> >
> > at
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > nection.java:269)
> >
> > at org.postgresql.Driver.connect(Driver.java:137)
> >
> > at
java.sql.DriverManager.getConnection(DriverManager.java:512)
> >
> > at
java.sql.DriverManager.getConnection(DriverManager.java:140)
> >
> > at docextractor.test.main(test.java:35)
> >
> >
> > Exception: An I/O error has occured while flushing the output -
Exception:
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Couldn't find trusted
certificate
> >
> > Stack Trace:
> >
> >
> >
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: Couldn't find trusted
certificate
> >
> > at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> >
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> >
> > at
> > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> >
> > at
> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> >
> > at
> > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> >
> > at org.postgresql.core.PGStream.flush(PGStream.java:360)
> >
> > at
> >
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > nection.java:269)
> >
> > at org.postgresql.Driver.connect(Driver.java:137)
> >
> > at
java.sql.DriverManager.getConnection(DriverManager.java:512)
> >
> > at
java.sql.DriverManager.getConnection(DriverManager.java:140)
> >
> > at docextractor.test.main(test.java:35)
> >
> >
> > Caused by: java.security.cert.CertificateException: Couldn't find
trusted
> > certificate
> >
> >
> > at
> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> >
> > at
> >
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > 275)
> >
> > at
> >
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > 275)
> >
> > ... 15 more
> >
> >
> > End of Stack Trace
> >
> >
> >
> >
> >
> > At the server side I get
> >
> >
> >
> > Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> > (Success)
> >
> >
> >
> >
> > I have not been able to find any clear resolutions to this problem. If
> > someone can shed some light on a solution to this problem it would be
> > greatly appreciated.
> >
> >
> >
> > ----- Original Message -----
> > From: "Barry Lind" <blind(at)xythos(dot)com>
> > To: "John Laban" <johnl(at)infotn(dot)com>
> > Cc: <pgsql-jdbc(at)postgresql(dot)org>
> > Sent: Thursday, March 27, 2003 5:58 PM
> > Subject: Re: [JDBC] JDBC with SSL
> >
> >
> >
> >>John,
> >>
> >>This hasn't yet made it to the documentation.
> >>
> >>but adding ?ssl to the url should be what you need. (also consider
> >>using &loglevel=2 to turn on debugging info).
> >>
> >>--Barry
> >>
> >>John Laban wrote:
> >>
> >>>Hello,
> >>>
> >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
say
> >
> > they include support for SSL. I can set up the server to use SSL, but I
> > can't seem to get the JDBC driver to actually connect using SSL. Is
there
> > any documentation on this? Or is there a specific parameter I am
supposed
> > to include in the connection URL?
> >
> >>>Any help in this would be appreciated.
> >>>
> >>>John Laban
> >>>
> >>
> >>
> >>---------------------------(end of broadcast)---------------------------
> >>TIP 5: Have you checked our extensive FAQ?
> >>
> >>http://www.postgresql.org/docs/faqs/FAQ.html
> >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org

In response to

Responses

Browse pgsql-jdbc by date

  From Date Subject
Next Message Csaba Nagy 2003-03-28 17:48:09 Re: JDBC with SSL
Previous Message Barry Lind 2003-03-28 16:11:21 Re: JDBC with SSL