From: | Maz Mohammadi <mmohammadi(at)pentaho(dot)com> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: [JDBC] can't access through SSL |
Date: | 2013-02-25 01:54:44 |
Message-ID: | 9F992F0A0D9BA04F914597F75435942D09576C50FB@MBX36.exg5.exghost.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-jdbc |
Hi Adrian,
Thanks for sharing some pointers with me. You are right, it's not actually an JDBC driver issue. I posted it on jdbc, because I'm accessing it from a jdbc client, I thought there might be some security issues with the JDBC driver.
1) I'm running postgres-xc v. 9.1. I'm "pretty" sure that my postgres setup is correct. Another person from this distribution list help me a bit. This test shows me that the ssl is setup correctly on my server...
----------
postgres-xc(at)adminuser-VirtualBox:~/datanode2$ psql
psql (PGXC 1.0.0, based on PG 9.1.4)
Type "help" for help.
postgres=# \q
postgres-xc(at)adminuser-VirtualBox:~/datanode2$ psql -h localhost
psql: FATAL: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", database "postgres", SSL off
postgres-xc(at)adminuser-VirtualBox:~/datanode2$
------------
2) My client is a tomcat server. I've placed JDBC3 drivers (jar file) in the WEB-INF lib directory of my webapp.
3) MY jdbc url is "jdbc:postgresql://localhost:5432:testdb?ssl=true", and believe me.... username and password are correct.
4) Both postgres and tomcat are running on the same machine (an Ubuntu linux virtual box).
5) when I try to create a JDBC datasource on my tomcat, I enter the JDBC url + user + password, and I'm expecting it to be able to connect to it and at least get a "test successful" but I don't. I get the error that I sent...
"Connection attempt failed: FATAL: connection requires a valid client certificate"
6) I've also specified the following java options..
-Djavax.net.ssl.trustStore=/home/adminuser/pentaho/keycerts/mazstore -Djavax.net.ssl.trustStorePassword=password
I'll post this on the other distribution list. BTW, I don't see much in the log files under /var/log directory.
-maz
-----Original Message-----
From: Adrian Klaver [mailto:adrian(dot)klaver(at)gmail(dot)com]
Sent: Sunday, February 24, 2013 8:08 PM
To: Maz Mohammadi
Cc: pgsql-jdbc(at)postgresql(dot)org; pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] [JDBC] can't access through SSL
On 02/24/2013 02:35 PM, Maz Mohammadi wrote:
> Correct!
>
> I'm new postgresql and I need to figure this out for a client. I installed a bunch packages on my Ubuntu linux and here I am. I've learned a lot. I have 2 datanodes, coordinator + gtm.
Some general pointers on helping to figure this out:
1) Postgres-XC != Postgres. It shares a code base but adds more moving parts. Along that line, you will need to be more specific about how you have setup Postgres-XC and exactly which part is failing? I for one do not use it, so I am not really sure what datanodes, coordinator and gmt signify. On a related note XC has its own mailing list(https://lists.sourceforge.net/lists/listinfo/postgres-xc-general),
it may turn out there are people there that can answer the question sooner.
2) JDBC. It would seem from this thread and the other that covered this topic that JDBC is not really the issue. To make your life simpler I would test your setup using psql until you get it running properly, then pull in JDBC to see if it adds any problems. Also, it is generally considered not good protocol to cross post the same issue to different lists.
3) Simple with more detail is better. Create a minimum use case and then provide maximum detail of how it was set up and run. For instance:
a) What are the versions of the software?
b) Where is the client being run from?
c) Where is the server?
d) How are both setup?
e) What is being done between the client and the server?
f) What do you expect to happen?
g) What is actually happening?
i) The actual error message(s)?
>
> -maz
>
--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Duffey | 2013-02-25 02:13:20 | Floating point error |
Previous Message | Adrian Klaver | 2013-02-25 01:07:46 | Re: [GENERAL] can't access through SSL |
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2013-02-25 03:45:18 | Re: [JDBC] can't access through SSL |
Previous Message | Adrian Klaver | 2013-02-25 01:07:46 | Re: [GENERAL] can't access through SSL |