RE: SSL connection issue with JDBC

From: Anupkumar Seth <anupkumar_seth(at)persistent(dot)com>
To: Dave Cramer <pg(at)fastcrypt(dot)com>, David Wall <d(dot)wall(at)computer(dot)org>
Cc: "pgsql-jdbc(at)lists(dot)postgresql(dot)org" <pgsql-jdbc(at)lists(dot)postgresql(dot)org>
Subject: RE: SSL connection issue with JDBC
Date: 2019-05-20 05:24:48
Message-ID: BM1PR01MB31057E3836DB478B5B730B128F060@BM1PR01MB3105.INDPRD01.PROD.OUTLOOK.COM
Lists: pgsql-jdbc

Hi Dave,

It works now with DER format. Using the below parameters now and the “postgresql-42.2.5” driver.

// Backslashes in Windows paths must be escaped inside Java string literals.
String url1 = "jdbc:postgresql://<host>:5432/postgres?user=postgres"
        + "&password=<password>"
        + "&sslmode=verify-ca"
        + "&sslcert=<path>\\postgresql.crt"
        + "&sslkey=<path>\\my.key.der"
        + "&sslrootcert=<path>\\root.crt";

Thanks,
Anup

From: Dave Cramer <pg(at)fastcrypt(dot)com>
Sent: Saturday, May 18, 2019 12:51 AM
To: David Wall <d(dot)wall(at)computer(dot)org>
Cc: pgsql-jdbc(at)lists(dot)postgresql(dot)org
Subject: Re: SSL connection issue with JDBC

One thing is the certs for java have to be in DER format.

https://github.com/pgjdbc/pgjdbc/blob/master/docs/documentation/head/connect.md

Note: The key file must be in DER format (https://wiki.openssl.org/index.php/DER). A PEM key can be converted to DER format using the openssl command:

openssl pkcs8 -topk8 -inform PEM -in my.key -outform DER -out my.key.der

Dave Cramer

davec(at)postgresintl(dot)com
www.postgresintl.com

On Tue, 14 May 2019 at 13:07, David Wall <d(dot)wall(at)computer(dot)org> wrote:
On 5/14/19 9:31 AM, Rob Sargent wrote:

If I use latest JDBC postgresql driver "postgresql-42.2.5" then I get below error.
Anup
Update your jdbc driver to current release.

Sounds like that was done.

Are you sure your SSL certs are recognized? The original exception suggests an issue with trust along the chain:
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=certificate-authority is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
That does seem an unexpected CN. Both your java cacerts and postgres would have to share the CA certs needed to validate the full chain.
David
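
The DER requirement discussed in this thread can be checked before connecting. The following is an added example, not part of the original messages or the pgjdbc project: it classifies a key file as PEM or unencrypted PKCS#8 DER using the standard JCA classes. The class name SslKeyFormatCheck and the generated sample key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

// Added example (hypothetical class name): classify a client key file before
// passing its path to the driver as sslkey.
public class SslKeyFormatCheck {

    // Returns "PEM", "PKCS8-DER/<alg>" or "UNKNOWN" for the given key bytes.
    static String classify(byte[] data) {
        String head = new String(data, 0, Math.min(data.length, 64),
                StandardCharsets.US_ASCII);
        if (head.contains("-----BEGIN")) {
            return "PEM"; // text armor: needs the openssl pkcs8 conversion
        }
        for (String alg : new String[] {"RSA", "EC", "DSA"}) {
            try {
                // PKCS8EncodedKeySpec accepts only unencrypted PKCS#8 DER.
                KeyFactory.getInstance(alg)
                        .generatePrivate(new PKCS8EncodedKeySpec(data));
                return "PKCS8-DER/" + alg;
            } catch (Exception e) {
                // Wrong algorithm or not PKCS#8 DER: try the next one.
            }
        }
        return "UNKNOWN"; // e.g. encrypted PKCS#8 or a traditional RSA DER key
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // check a real file given on the command line
            System.out.println(classify(Files.readAllBytes(Paths.get(args[0]))));
            return;
        }
        // Constructed sample: a throwaway RSA key in both encodings.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded(); // PKCS#8 DER
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                + "\n-----END PRIVATE KEY-----\n";
        System.out.println("der sample: " + classify(der));
        System.out.println("pem sample: " + classify(pem.getBytes(StandardCharsets.US_ASCII)));
    }
}
```

Run it with the key path as the only argument to check a real file; with no arguments it classifies the two constructed samples.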
