| From: | Giuseppe Sacco <giuseppe(at)eppesuigoccas(dot)homedns(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org, Asia <asia123321(at)op(dot)pl> |
| Subject: | Re: SSL certificates issue |
| Date: | 2011-08-23 07:29:19 |
| Message-ID: | 1314084561.5070.19.camel@scarafaggio |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Il giorno lun, 22/08/2011 alle 09.37 -0400, Tom Lane ha scritto:
> Asia <asia123321(at)op(dot)pl> writes:
> > Now the issue is then when using libpq it was enough to have only root certificate in server's root.crt and it worked fine.
> > But when I tried using the same with JDBC it turned out that I need to put whole chain (2 certs) of Intermediate CA 1 in server's root.crt.
[...]
> In the JDBC case you'd need to put all those certs into the client's
> keystore, which I'm afraid I don't know the details of doing. Possibly
> somebody on pgsql-jdbc could help you with that.
you should import CA certificate in your JRE ca certstore with commands:
cd $JAVA_HOME/jre/lib/security
keytool -import -trustcacerts -alias $YOURCAALIAS \
-file $YOURCACERTFILE -keystore cacerts
I usually store in client and server certificates the whole chain from
primary CA.
Bye,
Giuseppe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2011-08-23 07:32:15 | Re: Getting value of bind variables |
| Previous Message | Asia | 2011-08-23 06:39:51 | Re: SSL certificates issue |