Re: JDBC with SSL

From: Barry Lind <blind(at)xythos(dot)com>
To: John Laban <johnl(at)infotn(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: JDBC with SSL
Date: 2003-03-28 16:11:21
Message-ID: 3E847429.4000300@xythos.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

John,

The error message indicates that your client doesn't trust the servers
certificate. My guess is that you are using a self-signed certificate
on the server. If you want to be able to connect you are going to need
to import that certificate into the client side java certificate store
so that it recognizes the self-signed certificate as valid and trusted.

thanks,
--Barry

John Laban wrote:
> Thanks for the quick reply, but I'm still having some difficulty.
>
> I have been trying to connect to postgresql (redhat version 7.2.3.1) using
> JDBC and SSL - I am using the 7.4 development driver.
>
> I know that the server side is set up correctly because when connecting
> using psql the connection is established using SSL.
>
>
> However when connecting via JDBC I receive
>
>
>
>
> PostgreSQL 7.4devel JDBC3 with SSL (build 204)
>
> ssl = true
>
> compatible = 7.4
>
> loglevel = 2
>
> Asking server if it supports ssl
>
> Server response was (S=Yes,N=No): S
>
> server does support ssl
>
> converting regular socket connection to ssl
>
>
>
> at org.postgresql.core.PGStream.flush(PGStream.java:364)
>
> at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> nection.java:269)
>
> at org.postgresql.Driver.connect(Driver.java:137)
>
> at java.sql.DriverManager.getConnection(DriverManager.java:512)
>
> at java.sql.DriverManager.getConnection(DriverManager.java:140)
>
> at docextractor.test.main(test.java:35)
>
>
> Exception: An I/O error has occured while flushing the output - Exception:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted certificate
>
> Stack Trace:
>
>
>
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted certificate
>
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
>
> at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
>
> at org.postgresql.core.PGStream.flush(PGStream.java:360)
>
> at
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
> nection.java:269)
>
> at org.postgresql.Driver.connect(Driver.java:137)
>
> at java.sql.DriverManager.getConnection(DriverManager.java:512)
>
> at java.sql.DriverManager.getConnection(DriverManager.java:140)
>
> at docextractor.test.main(test.java:35)
>
>
> Caused by: java.security.cert.CertificateException: Couldn't find trusted
> certificate
>
>
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
>
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> 275)
>
> at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> 275)
>
> ... 15 more
>
>
> End of Stack Trace
>
>
>
>
>
> At the server side I get
>
>
>
> Failed to inititalize SSL Connection: sslv3 alert certificate unknown
> (Success)
>
>
>
>
> I have not been able to find any clear resolutions to this problem. If
> someone can shed some light on a solution to this problem it would be
> greatly appreciated.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind(at)xythos(dot)com>
> To: "John Laban" <johnl(at)infotn(dot)com>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Thursday, March 27, 2003 5:58 PM
> Subject: Re: [JDBC] JDBC with SSL
>
>
>
>>John,
>>
>>This hasn't yet made it to the documentation.
>>
>>but adding ?ssl to the url should be what you need. (also consider
>>using &loglevel=2 to turn on debugging info).
>>
>>--Barry
>>
>>John Laban wrote:
>>
>>>Hello,
>>>
>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23) say
>
> they include support for SSL. I can set up the server to use SSL, but I
> can't seem to get the JDBC driver to actually connect using SSL. Is there
> any documentation on this? Or is there a specific parameter I am supposed
> to include in the connection URL?
>
>>>Any help in this would be appreciated.
>>>
>>>John Laban
>>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>>http://www.postgresql.org/docs/faqs/FAQ.html
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>

In response to

Responses

Browse pgsql-jdbc by date

  From Date Subject
Next Message John Laban 2003-03-28 17:06:11 Re: JDBC with SSL
Previous Message John Laban 2003-03-28 16:01:31 Re: JDBC with SSL