From: | Barry Lind <blind(at)xythos(dot)com> |
---|---|
To: | John Laban <johnl(at)infotn(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: JDBC with SSL |
Date: | 2003-03-28 18:50:02 |
Message-ID: | 3E84995A.8020706@xythos.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
John,
I have done this before, but I don't remember the exact steps. Java is
very particular about the formats of certs it accepts. I ended up doing
a google search and found some good instructions on how to get java to
import an openssl created cert. Unfortunately I didn't keep those
instructions.
--Barry
John Laban wrote:
> Hello again,
>
> I have made numerous attempts to import the certificate from the server to
> the client machine using java keytool with no success - the keytool
> complains that the file is not a valid X.509 format.
>
> Additionally, for my application, only the encryption of the channel is
> important so if it is possible to create an ssl connection without the
> authentication portion that would be the best solution.
>
>
> However I would still appreciate any information on how to import the
> certificate (as generated using the Postgresql documention) into the java
> certificate store.
>
>
>
> ----- Original Message -----
> From: "Barry Lind" <blind(at)xythos(dot)com>
> To: "John Laban" <johnl(at)infotn(dot)com>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Friday, March 28, 2003 11:11 AM
> Subject: Re: [JDBC] JDBC with SSL
>
>
>
>>John,
>>
>>The error message indicates that your client doesn't trust the servers
>>certificate. My guess is that you are using a self-signed certificate
>>on the server. If you want to be able to connect you are going to need
>>to import that certificate into the client side java certificate store
>>so that it recognizes the self-signed certificate as valid and trusted.
>>
>>thanks,
>>--Barry
>>
>>
>>John Laban wrote:
>>
>>>Thanks for the quick reply, but I'm still having some difficulty.
>>>
>>>I have been trying to connect to postgresql (redhat version 7.2.3.1)
>
> using
>
>>>JDBC and SSL - I am using the 7.4 development driver.
>>>
>>>I know that the server side is set up correctly because when connecting
>>>using psql the connection is established using SSL.
>>>
>>>
>>>However when connecting via JDBC I receive
>>>
>>>
>>>
>>>
>>>PostgreSQL 7.4devel JDBC3 with SSL (build 204)
>>>
>>> ssl = true
>>>
>>> compatible = 7.4
>>>
>>> loglevel = 2
>>>
>>>Asking server if it supports ssl
>>>
>>>Server response was (S=Yes,N=No): S
>>>
>>>server does support ssl
>>>
>>>converting regular socket connection to ssl
>>>
>>>
>>>
>>> at org.postgresql.core.PGStream.flush(PGStream.java:364)
>>>
>>> at
>>>
>
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
>
>>>nection.java:269)
>>>
>>> at org.postgresql.Driver.connect(Driver.java:137)
>>>
>>> at
>
> java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>>> at
>
> java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>>> at docextractor.test.main(test.java:35)
>>>
>>>
>>>Exception: An I/O error has occured while flushing the output -
>
> Exception:
>
>>>javax.net.ssl.SSLHandshakeException:
>>>java.security.cert.CertificateException: Couldn't find trusted
>
> certificate
>
>>>Stack Trace:
>>>
>>>
>>>
>>>javax.net.ssl.SSLHandshakeException:
>>>java.security.cert.CertificateException: Couldn't find trusted
>
> certificate
>
>>> at
>
> com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>>>
>>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>>>
>>> at
>>>com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>>>
>>> at
>>>java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
>>>
>>> at
>>>java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
>>>
>>> at org.postgresql.core.PGStream.flush(PGStream.java:360)
>>>
>>> at
>>>
>
> org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Con
>
>>>nection.java:269)
>>>
>>> at org.postgresql.Driver.connect(Driver.java:137)
>>>
>>> at
>
> java.sql.DriverManager.getConnection(DriverManager.java:512)
>
>>> at
>
> java.sql.DriverManager.getConnection(DriverManager.java:140)
>
>>> at docextractor.test.main(test.java:35)
>>>
>>>
>>>Caused by: java.security.cert.CertificateException: Couldn't find
>
> trusted
>
>>>certificate
>>>
>>>
>>> at
>>>com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
>>>
>>> at
>>>
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
>
>>>275)
>>>
>>> at
>>>
>
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
>
>>>275)
>>>
>>> ... 15 more
>>>
>>>
>>>End of Stack Trace
>>>
>>>
>>>
>>>
>>>
>>>At the server side I get
>>>
>>>
>>>
>>>Failed to inititalize SSL Connection: sslv3 alert certificate unknown
>>>(Success)
>>>
>>>
>>>
>>>
>>>I have not been able to find any clear resolutions to this problem. If
>>>someone can shed some light on a solution to this problem it would be
>>>greatly appreciated.
>>>
>>>
>>>
>>>----- Original Message -----
>>>From: "Barry Lind" <blind(at)xythos(dot)com>
>>>To: "John Laban" <johnl(at)infotn(dot)com>
>>>Cc: <pgsql-jdbc(at)postgresql(dot)org>
>>>Sent: Thursday, March 27, 2003 5:58 PM
>>>Subject: Re: [JDBC] JDBC with SSL
>>>
>>>
>>>
>>>
>>>>John,
>>>>
>>>>This hasn't yet made it to the documentation.
>>>>
>>>>but adding ?ssl to the url should be what you need. (also consider
>>>>using &loglevel=2 to turn on debugging info).
>>>>
>>>>--Barry
>>>>
>>>>John Laban wrote:
>>>>
>>>>
>>>>>Hello,
>>>>>
>>>>>The newest developement JDBC drivers (7.4dev, build 204, 2003-03-23)
>
> say
>
>>>they include support for SSL. I can set up the server to use SSL, but I
>>>can't seem to get the JDBC driver to actually connect using SSL. Is
>
> there
>
>>>any documentation on this? Or is there a specific parameter I am
>
> supposed
>
>>>to include in the connection URL?
>>>
>>>
>>>>>Any help in this would be appreciated.
>>>>>
>>>>>John Laban
>>>>>
>>>>
>>>>
>>>>---------------------------(end of broadcast)---------------------------
>>>>TIP 5: Have you checked our extensive FAQ?
>>>>
>>>>http://www.postgresql.org/docs/faqs/FAQ.html
>>>
>>>
>>>
>>>---------------------------(end of broadcast)---------------------------
>>>TIP 6: Have you searched our list archives?
>>>
>>>http://archives.postgresql.org
>>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 6: Have you searched our list archives?
>>
>>http://archives.postgresql.org
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
From | Date | Subject | |
---|---|---|---|
Next Message | Nagy Istvan | 2003-03-28 19:07:19 | Re: JDBC with SSL |
Previous Message | Csaba Nagy | 2003-03-28 17:48:09 | Re: JDBC with SSL |