| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | Andrew M <andrew(at)jibeya(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org, Kris Jurka <books(at)ejurka(dot)com> |
| Subject: | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |
| Date: | 2004-12-11 17:37:16 |
| Message-ID: | 41BB304C.30009@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
> The only problem with this is, how do you copy an openssl {key|crt} pair
> into a keytool keystore? Importing the crt into a keystore is not a
> problem as long as the crt is in x509 format, but the key poses a
> problem as the x509 format only handles trusted certificates.
When I created SSL certs for a internal webserver, I created my own root
certificate with the openssl tools, installed that in the server and client
trusted stores as a trusted RA, then used that root certificate to generate all
my other keys, which were then treated as trusted. To get new browser clients
to trust this RA cert, I had it available on a link off my home page, the user
simply had to click on the link, they'd get a certificate trust message, and
they click 'always trust', and the browser adds the cert to the root authority
list.
I would have to assume something similar can be done with java, and in fact, am
about to figure it out at work, since we need to do some SSL between a
standalone java application and a tomcat server.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris White (cjwhite) | 2004-12-11 17:42:15 | Re: [JDBC] Issue with large objects |
| Previous Message | Tom Lane | 2004-12-11 17:36:02 | Re: [JDBC] Issue with large objects |