Re: JDBC with SSL

From: Csaba Nagy <nagy(at)ecircle-ag(dot)com>
To: John Laban <johnl(at)infotn(dot)com>
Cc: Barry Lind <blind(at)xythos(dot)com>, Postgres JDBC <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: JDBC with SSL
Date: 2003-03-28 17:48:09
Message-ID: 1048873689.31422.8.camel@coppola.ecircle.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

You can set the security provider (or something similar, read the
security docs) to your own implementation to permit any certificate.
You can do this on app initialization.
I did it once but forget how :D

HTH,
Csaba.

On Fri, 2003-03-28 at 18:06, John Laban wrote:
> Hello again,
>
> I have made numerous attempts to import the certificate from the server to
> the client machine using java keytool with no success - the keytool
> complains that the file is not a valid X.509 format.
>
> Additionally, for my application, only the encryption of the channel is
> important so if it is possible to create an ssl connection without the
> authentication portion that would be the best solution.
>
>
> However I would still appreciate any information on how to import the
> certificate (as generated using the Postgresql documention) into the java
> certificate store.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind(at)xythos(dot)com>
> To: "John Laban" <johnl(at)infotn(dot)com>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Friday, March 28, 2003 11:11 AM
> Subject: Re: [JDBC] JDBC with SSL
>
>
> > John,
> >
> > The error message indicates that your client doesn't trust the servers
> > certificate. My guess is that you are using a self-signed certificate
> > on the server. If you want to be able to connect you are going to need
> > to import that certificate into the client side java certificate store
> > so that it recognizes the self-signed certificate as valid and trusted.
> >
> > thanks,
> > --Barry
> >
> >
> > John Laban wrote:
> > > Thanks for the quick reply, but I'm still having some difficulty.
> > >
> > > I have been trying to connect to postgresql (redhat version 7.2.3.1)
> using
> > > JDBC and SSL - I am using the 7.4 development driver.
> > >
> > > I know that the server side is set up correctly because when connecting
> > > using psql the connection is established using SSL.
> > >
> > >
> > > However when connecting via JDBC I receive
> > >
> > >
> > >
> > >
> > > PostgreSQL 7.4devel JDBC3 with SSL (build 204)
> > >
> > > ssl = true
> > >
> > > compatible = 7.4
> > >
> > > loglevel = 2
> > >
> > > Asking server if it supports ssl
> > >
> > > Server response was (S=Yes,N=No): S
> > >
> > > server does support ssl
> > >
> > > converting regular socket connection to ssl
> > >
> > >
> > >
> > > at org.postgresql.core.PGStream.flush(PGStream.java:364)
> > >
> > > at
> > >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > > at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > > at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > > at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > > at docextractor.test.main(test.java:35)
> > >
> > >
> > > Exception: An I/O error has occured while flushing the output -
> Exception:
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > > Stack Trace:
> > >
> > >
> > >
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException: Couldn't find trusted
> certificate
> > >
> > > at
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> > >
> > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > >
> > > at
> > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> > >
> > > at
> > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
> > >
> > > at
> > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
> > >
> > > at org.postgresql.core.PGStream.flush(PGStream.java:360)
> > >
> > > at
> > >
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> > > nection.java:269)
> > >
> > > at org.postgresql.Driver.connect(Driver.java:137)
> > >
> > > at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> > >
> > > at
> java.sql.DriverManager.getConnection(DriverManager.java:140)
> > >
> > > at docextractor.test.main(test.java:35)
> > >
> > >
> > > Caused by: java.security.cert.CertificateException: Couldn't find
> trusted
> > > certificate
> > >
> > >
> > > at
> > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> > >
> > > at
> > >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> > > 275)
> > >
> > > at
> > >
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> > > 275)
> > >
> > > ... 15 more
> > >
> > >
> > > End of Stack Trace
> > >
> > >
> > >
> > >
> > >
> > > At the server side I get
> > >
> > >
> > >
> > > Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> > > (Success)
> > >
> > >
> > >
> > >
> > > I have not been able to find any clear resolutions to this problem. If
> > > someone can shed some light on a solution to this problem it would be
> > > greatly appreciated.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Barry Lind" <blind(at)xythos(dot)com>
> > > To: "John Laban" <johnl(at)infotn(dot)com>
> > > Cc: <pgsql-jdbc(at)postgresql(dot)org>
> > > Sent: Thursday, March 27, 2003 5:58 PM
> > > Subject: Re: [JDBC] JDBC with SSL
> > >
> > >
> > >
> > >>John,
> > >>
> > >>This hasn't yet made it to the documentation.
> > >>
> > >>but adding ?ssl to the url should be what you need. (also consider
> > >>using &loglevel=2 to turn on debugging info).
> > >>
> > >>--Barry
> > >>
> > >>John Laban wrote:
> > >>
> > >>>Hello,
> > >>>
> > >>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
> say
> > >
> > > they include support for SSL. I can set up the server to use SSL, but I
> > > can't seem to get the JDBC driver to actually connect using SSL. Is
> there
> > > any documentation on this? Or is there a specific parameter I am
> supposed
> > > to include in the connection URL?
> > >
> > >>>Any help in this would be appreciated.
> > >>>
> > >>>John Laban
> > >>>
> > >>
> > >>
> > >>---------------------------(end of broadcast)---------------------------
> > >>TIP 5: Have you checked our extensive FAQ?
> > >>
> > >>http://www.postgresql.org/docs/faqs/FAQ.html
> > >
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message Barry Lind 2003-03-28 18:50:02 Re: JDBC with SSL
Previous Message John Laban 2003-03-28 17:06:11 Re: JDBC with SSL