From: | Rob Sargent <robjsargent(at)gmail(dot)com> |
---|---|
To: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | self-made certs not quite right |
Date: | 2021-03-02 23:12:44 |
Message-ID: | 4d4837c5-22db-27b8-2592-7fc7c482f02e@gmail.com |
Lists: | pgsql-general |

I'm trying to follow instrux in V12:18.9.5 Creating Certificates. [1]

I'm stuck in my basement so all references to "/CN=FQN" have been set to
$(hostname), just the hostname, because $(domainname) returns "(none)"
which I presume is akin to null.

With my newly minted certs and keys using psql (to either $(hostname) or
localhost) I get the "SSL connection (protocol: TLSv1.3...)" message, so
long as I have an empty ~/.postgresql directory. If I copy the
generated root.crt to ~/.postgresql (chown me.me; chmod 400) I get a
plain connection (no ssl).

With root.crt in ~/.postgresql, testing the jdbc connection from a
tomcat server generates this failure (again either localhost or $(hostname)):

Blow out on db connection to jdbc:postgresql://localhost:5432/postgres;
SSL error: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
org.postgresql.util.PSQLException: SSL error: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

Is this a pkcs v. pem cat fight? Or is there enough here to tell which
step went south, or just start over?