Re: [JDBC] can't access through SSL

From: Maz Mohammadi <mmohammadi(at)pentaho(dot)com>
To: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: [JDBC] can't access through SSL
Date: 2013-02-25 01:54:44
Message-ID: 9F992F0A0D9BA04F914597F75435942D09576C50FB@MBX36.exg5.exghost.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-jdbc

Hi Adrian,

Thanks for sharing some pointers with me. You are right, it's not actually an JDBC driver issue. I posted it on jdbc, because I'm accessing it from a jdbc client, I thought there might be some security issues with the JDBC driver.

1) I'm running postgres-xc v. 9.1. I'm "pretty" sure that my postgres setup is correct. Another person from this distribution list help me a bit. This test shows me that the ssl is setup correctly on my server...

----------
postgres-xc(at)adminuser-VirtualBox:~/datanode2$ psql
psql (PGXC 1.0.0, based on PG 9.1.4)
Type "help" for help.

postgres=# \q
postgres-xc(at)adminuser-VirtualBox:~/datanode2$ psql -h localhost
psql: FATAL: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", database "postgres", SSL off
postgres-xc(at)adminuser-VirtualBox:~/datanode2$
------------

2) My client is a tomcat server. I've placed JDBC3 drivers (jar file) in the WEB-INF lib directory of my webapp.

3) MY jdbc url is "jdbc:postgresql://localhost:5432:testdb?ssl=true", and believe me.... username and password are correct.

4) Both postgres and tomcat are running on the same machine (an Ubuntu linux virtual box).

5) when I try to create a JDBC datasource on my tomcat, I enter the JDBC url + user + password, and I'm expecting it to be able to connect to it and at least get a "test successful" but I don't. I get the error that I sent...
"Connection attempt failed: FATAL: connection requires a valid client certificate"

6) I've also specified the following java options..
-Djavax.net.ssl.trustStore=/home/adminuser/pentaho/keycerts/mazstore -Djavax.net.ssl.trustStorePassword=password

I'll post this on the other distribution list. BTW, I don't see much in the log files under /var/log directory.

-maz

-----Original Message-----
From: Adrian Klaver [mailto:adrian(dot)klaver(at)gmail(dot)com]
Sent: Sunday, February 24, 2013 8:08 PM
To: Maz Mohammadi
Cc: pgsql-jdbc(at)postgresql(dot)org; pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] [JDBC] can't access through SSL

On 02/24/2013 02:35 PM, Maz Mohammadi wrote:
> Correct!
>
> I'm new postgresql and I need to figure this out for a client. I installed a bunch packages on my Ubuntu linux and here I am. I've learned a lot. I have 2 datanodes, coordinator + gtm.

Some general pointers on helping to figure this out:

1) Postgres-XC != Postgres. It shares a code base but adds more moving parts. Along that line, you will need to be more specific about how you have setup Postgres-XC and exactly which part is failing? I for one do not use it, so I am not really sure what datanodes, coordinator and gmt signify. On a related note XC has its own mailing list(https://lists.sourceforge.net/lists/listinfo/postgres-xc-general),
it may turn out there are people there that can answer the question sooner.

2) JDBC. It would seem from this thread and the other that covered this topic that JDBC is not really the issue. To make your life simpler I would test your setup using psql until you get it running properly, then pull in JDBC to see if it adds any problems. Also, it is generally considered not good protocol to cross post the same issue to different lists.

3) Simple with more detail is better. Create a minimum use case and then provide maximum detail of how it was set up and run. For instance:

a) What are the versions of the software?
b) Where is the client being run from?
c) Where is the server?
d) How are both setup?
e) What is being done between the client and the server?
f) What do you expect to happen?
g) What is actually happening?
i) The actual error message(s)?

>
> -maz
>

--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Duffey 2013-02-25 02:13:20 Floating point error
Previous Message Adrian Klaver 2013-02-25 01:07:46 Re: [GENERAL] can't access through SSL

Browse pgsql-jdbc by date

  From Date Subject
Next Message Adrian Klaver 2013-02-25 03:45:18 Re: [JDBC] can't access through SSL
Previous Message Adrian Klaver 2013-02-25 01:07:46 Re: [GENERAL] can't access through SSL